Microsoft open-sources fuzzing tool used for bug-ridden Windows 10

Developers can access the vulnerability detection tool through Github as Microsoft shifts away from its legacy scheme

Microsoft has publicly released the vulnerability testing tool it uses to detect bugs in its flagship products including the Windows 10 operating system, which has been blighted with glitches in recent months.

After previously revealing it would replace its existing software testing programme, known as Microsoft Security and Risk Detection, Microsoft has made its automated and open source tool available through Github for developers around the world. 

This transition to fuzzing, dubbed Project OneFuzz, sits in line with the wider industry’s movement to this method of vulnerability detection. Google, for example, has deployed fuzzing for some time, and even launched a Fuzzing benchmarking tool in March this year for developers to compare the viability of different services.

The technique is known to be a highly effective method for raising the level of security and reliability of native code, and involves developers feeding random excerpts of programming into a bug detection engine.

Project OneFuzz is an extensive fuzz testing framework that can be deployed through the Azure public cloud, and is the same testing framework used to detect bugs in various Microsoft products including Windows, Edge and other projects.

“Microsoft’s goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment,” said Microsoft Security’s principal security software engineer lead Justin Campbell and senior director for special projects management Mike Walker.

“The global release of Project OneFuzz is intended to help harden the platforms and tools that power our daily work and personal lives to make an attacker’s job more difficult.

Recent advancements have transformed the security engineering tasks involved in fuzz testing native code, with several useful functionalities including crash detection, coverage tracking and input harnessing now baked into fuzzing.

Project OneFuzz has already allowed developers to continuously scan Windows operating system builds for errors and harden updates prior to launch, Microsoft claims. Windows 10, however, has suffered from recent waves of glitches and bugs, particularly as a result of both major and minor updates. 

Windows 10’s May 2020 Update, for example, has produced a litany of issues for users of all varieties over the last few months, ranging from strange networking and connectivity issues to problems affecting Lenovo devices specifically.

Related Resource

Why containerisation needs context

The problems with infrastructure monitoring in the age of Kubernetes

Download now

The latest Patch Tuesday, too, saw Microsoft release 129 fixes across its various products including 23 patches for critical flaws, signalling that big updates have become the new normal for the Windows developer.

Microsoft would hope that the continued deployment of Project OneFuzz would eventually begin to iron out errors and bugs prior to patches and updates being released. 

Project OneFuzz gives developers the capability to launch fuzz jobs running from a few virtual machines to thousands of cores. Features include composable fuzzing workloads, built-in ensemble fuzzing, on-demand live-debugging of crashes, and crash reporting notification callbacks, among many others.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

15 Oct 2021
Microsoft Windows 11 review: The more things change, the more they stay the same
Microsoft Windows

Microsoft Windows 11 review: The more things change, the more they stay the same

5 Oct 2021
How to turn on Windows Defender
Software

How to turn on Windows Defender

30 Sep 2021
How to virtualise Windows 7 inside Windows 10
Microsoft Windows

How to virtualise Windows 7 inside Windows 10

9 Sep 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021