Microsoft patches "crazy bad" remote attack vulnerability found in Windows Defender

midian182

TechSpot Editor
Staff member

Microsoft has released an update to fix a vulnerability discovered in its MsMpEng malware protection engine used in Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, and more. The bug can allow a hacker to take over a system just by sending an email or instant message - the recipient doesn’t even have to open or read it for the attack to work, Defender just needs to scan the contents. The flaw could also be exploited by getting users to click on web browser links.

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich discovered the “crazy bad” bug over the weekend. It lets hackers booby trap files with malicious code that is automatically executed when Microsoft’s anti-malware software scans the data.

"An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” wrote Microsoft. The company added that it hadn't seen any public exploitation of the vulnerability.

Google’s security report explains that the Malware Protection service is “enabled by default” in Windows 8, 8.1, 10, Server 2012 and a number of other versions of the software. You can see the full list below.

The fix was rolled out in an emergency update on Monday night, just hours before the weekly Tuesday security update. The Redmond company has been praised for the speed at which it released the patch. Ormandy says he was “blown away” by how quickly Microsoft responded.

To make sure your PC has been patched and isn’t at risk, head to ‘Windows Defender settings’ and make sure the engine number is 1.1.13704.0 or higher.

Permalink to story.

 

Puiu

TS Evangelist
TAKE that you MS Fan Girls. Shows exactly what MS Defender is worth - - Zilch!
The only AV solution I trust is my common sense and maybe Bitdefender. Defender is more than adequate for the majority of people and other free AVs are just as crappy.
 

Phr3d

TS Guru
Nice to know what boned my win10 device this morning.. (shuddup Phr3d -- wanna see a pic of 30 Minutes of Core at 50%? shudUP Phr3d!)