Monthly Bugs Digest — February 2023

QATestLab
5 min readMar 1, 2023

In 2017, Tricentis studied a collection of 606 software bugs from 314 companies. They found that those bugs impacted half the world’s population and caused $1.7 trillion in losses. What a number! Bugs can ruin a company’s reputation, lead to loss of clients, and even be the reason behind its failure. That is why detecting and removing them before your software product hits the market is crucial.

In today’s episode of Monthly Bug Digest, we are going to talk about software vulnerabilities that caused a headache for the top companies in AI, gaming, and healthcare industries.

Let’s dive into what we’ve learned from the Software Bug Digest — February Edition!

Google’s AI chatbot Bard makes a factual error in the first demo

Earlier this month, Google beta-launched its AI chatbot Bard — a competitor to OpenAI’s ChatGPT. But Google’s bot isn’t off to a great start. Experts say that Bard made a factual error in its very first demo. Oops.

So, what was the mistake that was worth over $120 billion Alphabet market value? In less than a day.

Google shared a GIF showing Bard answering the question: “What new discoveries from the James Webb Space Telescope can I tell my 9-year-old about?” Bard offers three bullet points in return, including one that states that the telescope “took the very first pictures of a planet outside of our own solar system.”

However, some knowledgeable Twitter users pointed out that the AI is wrong, and the first image of an exoplanet was taken in 2004 — as stated on NASA’s website.

Bruce Macintosh, director of the University of California Observatories at UC Santa Cruz, was one of the first to call out the mistake. “Speaking as someone who imaged an exoplanet 14 years before JWST was launched, it feels like you should find a better example?” he tweeted.

A spokesperson for Google, Jane Park, commented in The Verge: “This highlights the importance of a rigorous testing process, something that we’re kicking off this week with our Trusted Tester program. We’ll combine external feedback with our internal testing to ensure Bard’s responses meet a high bar for quality, safety, and groundedness in real-world information.”

Nice catch, Google! Testing is vital indeed! And we hope that next time Bard will show much better results and prove that AI can be a trusted source of knowledge.

Windows PCs are experiencing crashes due to Intel driver bugs

According to Microsoft, apps using DirectX are crashing on Windows systems because of outdated Intel GPU drivers.

The impacted Windows platforms list includes a server (Windows Server 2022) and client (Windows 11 22H2, Windows 10 22H2, Windows 11 21H2, Windows 10 21H2, Windows 10 20H2, and Windows 10 Enterprise LTSC 2019) releases.

Microsoft is working on a fix for this newly acknowledged issue and will provide an update with an upcoming release. Until an update addressing this issue is released, Microsoft says that affected customers can temporarily work around it by updating their Intel GPU driver to a newer version.

Unfortunately, this is not the first time Microsoft has addressed Intel vulnerabilities. One year ago, Microsoft also dealt with an issue in the DirectX kernel component triggering blue screens of death (BSOD) on Windows 11 systems.

Healthcare giant CHS reports first data breach in GoAnywhere hacks

Community Health Systems (CHS) announces it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer platform.

According to an investigation, the resulting data breach affected up to one million patients’ personal and health information.

The company issued emergency security updates after a proof-of-concept exploit was released online, allowing unauthenticated attackers to gain remote code execution on vulnerable servers.

“While that investigation is still ongoing, the Company believes that the Fortra breach has not had any impact on any of the Company’s information systems and that there has not been any material interruption of the Company’s business operations, including the delivery of patient care,” CHS said an 8-K filing with the SEC first spotted by DataBreaches.net.

The company added that it would offer identity theft protection services and notify all affected individuals whose information had been compromised.

With 79 affiliated acute-care hospitals and over 1,000 other care centers in the country, CHS is one of the largest healthcare providers in the United States.

Malicious Dota 2 game modes infected players with harmful software

Security researchers have discovered four malicious Dota 2 game modes a threat actor uses to backdoor the players’ systems.

The attacker created four game modes for the highly popular Dota 2 multiplayer online battle arena video game and published them on the Steam store to target the game fans.

The attacker also included a new file named evil.lua that was used to test server-side Lua execution capabilities. This snippet could be used for logging, executing arbitrary system commands, creating coroutines, and making HTTP GET requests.

The backdoor allowed the threat actor to execute commands remotely on the infected devices, potentially allowing the installation of further malware on the device.

The good news is the attack was not large in scale. According to Avast malware researcher Jan Vojtěšek, under 200 players were affected.

Let’s work on quality together

Software bugs can be the downfall of apps, ruin reputations, and cost companies millions to fix. Do not wait for users to flag an issue in your software. Catch bugs and issues before your users do.

Working with an independent QA services provider is a good start to launching a high-quality product with flawless features. Contact us with your project details and stay one step ahead of your competition.

--

--

QATestLab

QATestLab is an international provider of independent QA and testing services with 15 years of cross-industry experience. https://qatestlab.com/