Microsoft Friday false positive: Bluber-A ballsup makes sysadmins blub

Benign and fine but alarms do double-time


Enterprises were faced with all sorts of inconvenience on Friday after a Microsoft security tool incorrectly flagged up benign files as infected with a worm.

Microsoft Defender's false positive resulted in false alarms that files were infected by Bluber-A, a previously obscure cyber-pathogen. Redmond's security gnomes reacted quickly by pulling the rogue definition file and pushing out a fresh update, as explained in a note attached to the Bluber write-up.

On March 31, 2017, an incorrect detection for our cloud-based protection for Worm:Win32/Bluber.A was identified and immediately fixed. To ensure that this issue is remediated, you can do a forced daily update to download your Microsoft antimalware and antispyware software. The fix has been deployed in signature build 1.239.530.0 on March 31, 2017, 2:50 PM PDT.

False positives are a well-known Achilles' heel of security scanner packages. All vendors experience the problem from time to time. Microsoft - as the creator of Windows - ought to be better placed than most to avoid such pratfalls, but the latest incident is far from unprecedented (previous examples here and here). Redmond responded quickly but still not promptly enough for one Reg reader who got roped in to deal with the problem last Friday.

"Friday afternoon wasted [on] this unnecessary crap," reader Michelle told El Reg. "Thought we had a vicious worm spreading throughout the organisation at high speed. Turns out that we did... Microsoft updates. :-("

The issue also generated an animated thread on Reddit. We asked Microsoft to comment on the snafu but we were told that this would have to come from its US office. We'll update this story as and when we hear more. ®

