IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft open-sources fuzzing tool used for bug-ridden Windows 10

Developers can access the vulnerability detection tool through Github as Microsoft shifts away from its legacy scheme

magnifying glass showing bug on binary code

Microsoft has publicly released the vulnerability testing tool it uses to detect bugs in its flagship products including the Windows 10 operating system, which has been blighted with glitches in recent months.

After previously revealing it would replace its existing software testing programme, known as Microsoft Security and Risk Detection, Microsoft has made its automated and open source tool available through Github for developers around the world. 

This transition to fuzzing, dubbed Project OneFuzz, sits in line with the wider industry’s movement to this method of vulnerability detection. Google, for example, has deployed fuzzing for some time, and even launched a Fuzzing benchmarking tool in March this year for developers to compare the viability of different services.

The technique is known to be a highly effective method for raising the level of security and reliability of native code, and involves developers feeding random excerpts of programming into a bug detection engine.

Project OneFuzz is an extensive fuzz testing framework that can be deployed through the Azure public cloud, and is the same testing framework used to detect bugs in various Microsoft products including Windows, Edge and other projects.

“Microsoft’s goal of enabling developers to easily and continuously fuzz test their code prior to release is core to our mission of empowerment,” said Microsoft Security’s principal security software engineer lead Justin Campbell and senior director for special projects management Mike Walker.

“The global release of Project OneFuzz is intended to help harden the platforms and tools that power our daily work and personal lives to make an attacker’s job more difficult.

Recent advancements have transformed the security engineering tasks involved in fuzz testing native code, with several useful functionalities including crash detection, coverage tracking and input harnessing now baked into fuzzing.

Project OneFuzz has already allowed developers to continuously scan Windows operating system builds for errors and harden updates prior to launch, Microsoft claims. Windows 10, however, has suffered from recent waves of glitches and bugs, particularly as a result of both major and minor updates. 

Windows 10’s May 2020 Update, for example, has produced a litany of issues for users of all varieties over the last few months, ranging from strange networking and connectivity issues to problems affecting Lenovo devices specifically.

Related Resource

Why containerisation needs context

The problems with infrastructure monitoring in the age of Kubernetes

Download now

The latest Patch Tuesday, too, saw Microsoft release 129 fixes across its various products including 23 patches for critical flaws, signalling that big updates have become the new normal for the Windows developer.

Microsoft would hope that the continued deployment of Project OneFuzz would eventually begin to iron out errors and bugs prior to patches and updates being released. 

Project OneFuzz gives developers the capability to launch fuzz jobs running from a few virtual machines to thousands of cores. Features include composable fuzzing workloads, built-in ensemble fuzzing, on-demand live-debugging of crashes, and crash reporting notification callbacks, among many others.

Featured Resources

Meeting the future of education with confidence

How the switch to digital learning has created an opportunity to meet the needs of every student, always

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

Technology reimagined

Why PCaaS is perfect for modern schools

Free Download

Recommended

Windows vs Linux: what's the best operating system?
operating systems

Windows vs Linux: what's the best operating system?

22 Jun 2022
Best business laptops 2022: Acer, Asus, Dell and more
Laptops

Best business laptops 2022: Acer, Asus, Dell and more

13 Jun 2022
Microsoft Windows Defender review: An ideal (if unfriendly) business security solution
antivirus

Microsoft Windows Defender review: An ideal (if unfriendly) business security solution

1 Jun 2022
How to turn on Windows Defender
Software

How to turn on Windows Defender

31 May 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
Delivery firm Yodel disrupted by cyber attack
cyber attacks

Delivery firm Yodel disrupted by cyber attack

21 Jun 2022
Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022