1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Microsoft patches "crazy bad" remote attack vulnerability found in Windows Defender

By midian182 ยท 4 replies
May 9, 2017
Post New Reply
  1. Microsoft has released an update to fix a vulnerability discovered in its MsMpEng malware protection engine used in Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, and more. The bug can allow a hacker to take over a system just by sending an email or instant message - the recipient doesn’t even have to open or read it for the attack to work, Defender just needs to scan the contents. The flaw could also be exploited by getting users to click on web browser links.

    Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich discovered the “crazy bad” bug over the weekend. It lets hackers booby trap files with malicious code that is automatically executed when Microsoft’s anti-malware software scans the data.

    "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” wrote Microsoft. The company added that it hadn't seen any public exploitation of the vulnerability.

    Google’s security report explains that the Malware Protection service is “enabled by default” in Windows 8, 8.1, 10, Server 2012 and a number of other versions of the software. You can see the full list below.

    The fix was rolled out in an emergency update on Monday night, just hours before the weekly Tuesday security update. The Redmond company has been praised for the speed at which it released the patch. Ormandy says he was “blown away” by how quickly Microsoft responded.

    To make sure your PC has been patched and isn’t at risk, head to ‘Windows Defender settings’ and make sure the engine number is 1.1.13704.0 or higher.

    Permalink to story.

  2. Cycloid Torus

    Cycloid Torus Stone age computing - click on the rock below.. Posts: 3,850   +1,117

    Good response time.
    Reehahs and Teko03 like this.
  3. jobeard

    jobeard TS Ambassador Posts: 12,657   +1,473

    TAKE that you MS Fan Girls. Shows exactly what MS Defender is worth - - Zilch!
  4. Puiu

    Puiu TS Evangelist Posts: 3,263   +1,717

    The only AV solution I trust is my common sense and maybe Bitdefender. Defender is more than adequate for the majority of people and other free AVs are just as crappy.
  5. Phr3d

    Phr3d TS Guru Posts: 404   +86

    Nice to know what boned my win10 device this morning.. (shuddup Phr3d -- wanna see a pic of 30 Minutes of Core at 50%? shudUP Phr3d!)

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...