Microsoft Apologizes for Removing VSCode Extensions Used by Millions

Microsoft is restoring the "Material Theme – Free" and "Material Theme Icons – Free" extensions to the Visual Studio Marketplace after confirming that the obfuscated code they contained was not actually malicious.

These two extensions, which had surpassed 9 million installs, were removed from the VSCode Marketplace in late February due to security concerns, and their publisher, Mattia Astorino (known as equinusocio), was banned from the platform.

At the time, a Microsoft employee stated:
"A community member conducted a deep security analysis of the extension and discovered several alarming indicators that could suggest malicious intent, and reported this to us."

They added:
"Our security researchers at Microsoft confirmed the validity of these concerns and also found other suspicious code."

Security researchers Amit Assaraf and Itay Kruk, who use AI tools to monitor suspicious code in VSCode, were the first to report these extensions as potentially threatening.

The researchers reported that the Material Theme extension received a high risk score because they found command-execution code inside a file called "release-notes.js", which was heavily obfuscated and therefore raised suspicion.

Astorino Contests the Accusations and Microsoft Apologizes After Restoring the Extensions

Mattia Astorino immediately objected to the accusations leveled against him and the removal of his extensions from the VSCode Marketplace, asserting that the issue stemmed from an old dependency on the sanity.io library, which had been used since 2016 to display release notes from Sanity Headless CMS.

According to Astorino, he could have removed this dependency within seconds had Microsoft contacted him, but he was surprised to find his account banned without any prior warning.

He said: "There was no malicious code. I had not updated the extension for years because I was focused on the new version, except for the obfuscation process."

He explained that the only problem was in a build script that ended up inside the index.js file of the Material Theme Icons extension. He added that this script was used to generate JSON files after extracting SVG icons from a closed-source repository, something that had been removed long ago.

As for the Material Theme extension, he clarified that the obfuscation process had unintentionally introduced the sanity.io SDK client, which contained some strings referencing passwords or usernames (an authentication client). However, he confirmed that these were not malicious — they were the result of a build error that occurred a long time ago.
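The kind of static triage behind this dispute (command-execution references and credential strings found inside obfuscated code) can be sketched as follows. This is an added example, not code from the researchers, Microsoft, or the extensions; the indicator names, weights, thresholds, and both sample strings are constructed assumptions.

```javascript
// Added example: static triage heuristics for one JavaScript file of an extension.
// Indicator names, weights and thresholds are illustrative assumptions.
const INDICATORS = [
  { id: 'command-execution', weight: 5,
    // A quoted module name still shows up inside an obfuscator's string table.
    test: (src) => /['"](?:node:)?child_process['"]/.test(src) },
  { id: 'credential-strings', weight: 2,
    test: (src) => /\b(?:password|username)\b/i.test(src) },
  { id: 'hex-identifiers', weight: 3,
    // Names such as _0x3fa2 are typical output of JavaScript obfuscators.
    test: (src) => (src.match(/\b_0x[0-9a-f]{3,}\b/g) || []).length >= 5 },
  { id: 'long-lines', weight: 1,
    test: (src) => src.split('\n').some((line) => line.length > 1000) },
];

function triage(fileName, src) {
  const findings = INDICATORS.filter((i) => i.test(src)).map((i) => i.id);
  const score = INDICATORS
    .filter((i) => findings.includes(i.id))
    .reduce((sum, i) => sum + i.weight, 0);
  const obfuscated = findings.includes('hex-identifiers') || findings.includes('long-lines');
  // Obfuscation hides what a flagged reference is used for, so such files are
  // routed to a human reviewer rather than given an automatic verdict.
  let verdict = 'clean';
  if (score > 0) verdict = obfuscated ? 'manual-review' : 'readable-flagged';
  return { fileName, score, findings, verdict };
}

// Constructed sample: inert obfuscator-style text; it is scanned, never executed.
const OBFUSCATED_SAMPLE =
  "var _0x4f1a=['child_process','exec','username','password'];" +
  "var _0x2b9c=function(_0x1d3e){return _0x4f1a[_0x1d3e];};" +
  "var _0x5a77=require(_0x2b9c(0));var _0x33c1=_0x2b9c(3);";

// Constructed sample: a readable theme entry point with no indicators.
const READABLE_SAMPLE = [
  "const vscode = require('vscode');",
  "function activate(context) {",
  "  vscode.window.showInformationMessage('Theme loaded');",
  "}",
  "module.exports = { activate };",
].join('\n');

console.log(triage('sample-obfuscated.js', OBFUSCATED_SAMPLE));
console.log(triage('extension.js', READABLE_SAMPLE));
```

The constructed obfuscated sample scores 10 from string matches alone, which is why the result is a review queue entry rather than a malware label.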

Microsoft Restores the Extensions and Apologizes

Following Astorino's demands to restore his account and extensions, Scott Hanselman, a Microsoft executive, issued an apology via a post on GitHub, after which the publisher's account was reinstated and the extensions were made available again on the VSCode Marketplace.

Hanselman stated:
"The publisher account for the Material Theme and Material Theme Icons extensions (Equinusocio) was reported in error, and has now been restored."

He added:
"In the interest of security, we acted quickly but we made a mistake. We removed these extensions because they triggered several malware detection alerts within Microsoft's systems, but our investigation led us to an incorrect conclusion."

Microsoft Apologizes and Promises to Update VSCode Marketplace Policies

Scott Hanselman stated in his announcement:
"Again, we apologize that the author was caught in the unintended impact, and we look forward to seeing more of his future work in themes and extensions. We have reached out to him and thanked him for his patience."

He also announced that the Visual Studio Code Marketplace will update its policies regarding obfuscated code, in addition to improving security scanning tools, in order to avoid making hasty decisions about future projects.

Divided Opinions on the Extension's Safety

When security researcher Amit Assaraf was asked about the latest developments, he insisted that the extension did contain malicious code, but clarified that there was no malicious intent on the developer's part, adding:
"In this case, Microsoft acted too hastily."

For his part, Mattia Astorino confirmed that the Material Theme extensions in the VSCode Marketplace have been completely rewritten and are now safe to use.
