What continues to amaze me is the continued lack of real-time detection "enterprise" products have on even n-day discoveries like this. Even five days past disclosure, we still have very limited IOC signaling:
The problem with the traditional antivirus signature model is that it's reactive rather than proactive. Once it's been identified by human or automated submission for human and/or automated analysis, the damage has likely already been done if it ran on a clean machine(s) already. But that's only the fraction of malware that will ever be identified, because a large but unknowable fraction goes by unidentified, perhaps for all time. (When I was a Windows SA 20 years ago, I saw all sorts of customer machines infected by advanced persistent threats that used evasion without any sort of antivirus signatures because they were novel threats.) What may be scanned by N vendors and deemed "safe" today and/or 10 years from now could in fact be malware by behavior.
PSA: Never run untrusted code on important machines. This might mean forbidding the use of third-party extensions for common applications until they are audited, something Microsoft clearly isn't doing.