
Microsoft patches critical flaw in Windows Defender

By Jos · 12 replies
Jun 28, 2017
  1. Microsoft has plugged a critical vulnerability in Windows Defender that could have allowed an attacker to execute code remotely and take over a user's computer. The bug, discovered by Google Project Zero researcher Tavis Ormandy, was exploitable without user interaction.

    According to Ormandy, all it took was either tricking the victim into visiting a malicious website hosting a specially crafted JS file, or sending a malicious file via email, messaging or as a download. The Microsoft Malware Protection Engine (MsMpEng), a core security service that is part of the Microsoft ecosystem, will automatically scan any new content arriving on the user's PC, even before it is opened, subsequently crashing and allowing for remote code execution.

    According to his technical writeup, he had to encrypt the proof-of-concept demo file before sending it to Microsoft so it wouldn’t potentially crash Microsoft’s email servers.

    The problem relates to the x86 emulator Windows Defender uses, which runs at the privileged SYSTEM level in Windows, is not sandboxed, and offers up API calls to attackers.

    Ormandy reported the issue to Microsoft on June 9th and withheld disclosure until the company issued a patch via a silent update to the Malware Protection Engine in version 1.1.13903.0. The bug, tracked as CVE-2017-8557, affects Windows Defender 32 and 64-bit versions in Windows 10, Windows 8.1, Windows 8.1 RT, Windows 7 and Windows Server 2016.

    Last edited by a moderator: Jun 28, 2017
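
A host-side check for the fix described in the article, added here as an example (it is not part of the original story and is not Microsoft's code). It compares the local Malware Protection Engine version against the 1.1.13903.0 release quoted above, using the `Get-MpComputerStatus` cmdlet from the Defender PowerShell module; the function names `Test-MpEnginePatched` and `Get-MpEngineReport` are hypothetical.

```powershell
# Fixed engine version as quoted in the article.
$FixedEngine = [version]'1.1.13903.0'

function Test-MpEnginePatched {
    # Returns $true/$false, or $null when the version string cannot be parsed
    # (an empty or malformed value is reported as unknown, never as patched).
    param([string]$EngineVersion, [version]$Minimum = $FixedEngine)
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) { return $null }
    return ($parsed -ge $Minimum)
}

function Get-MpEngineReport {
    $report = [ordered]@{
        Computer      = $env:COMPUTERNAME
        EngineVersion = $null
        ServiceActive = $null
        Status        = 'Unknown'
    }
    # The Defender cmdlets may be absent on older releases, so a missing
    # cmdlet leaves the status as Unknown instead of raising an error.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try {
            $s = Get-MpComputerStatus -ErrorAction Stop
            $report.EngineVersion = "$($s.AMEngineVersion)"
            # False when the Defender service is not running, for example
            # because a third-party AV has taken over.
            $report.ServiceActive = $s.AMServiceEnabled
            $patched = Test-MpEnginePatched -EngineVersion $report.EngineVersion
            if ($null -ne $patched) {
                $report.Status = if ($patched) { 'Patched' } else { 'Vulnerable' }
            }
        } catch {
            $report.Status = "Unknown ($($_.Exception.Message))"
        }
    }
    [pscustomobject]$report
}

Get-MpEngineReport
```

A status of `Unknown` means the engine version could not be read on that host and should be followed up by other means, not read as patched.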
  2. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,286

    "Microsoft patches critical flaw in Windows Defender".
    I was hoping for something a bit more useful like being able to uninstall it and use an AV of our choice or at least scanning automatically when it detects no user activity for a while instead of nagging us to do a manual scan.
     
  3. Nobina

    Nobina TS Evangelist Posts: 2,003   +1,537

    Would be good if we had the option to uninstall it but I don't really like other AV solutions so I would stick with Defender. I guess not everything MS does is bad.
     
  4. texasrattler

    texasrattler TS Evangelist Posts: 740   +293

    No nagging on my end. Doesn't do anything on my computer. Never has.
    You can't uninstall anything that's embedded in the OS. Which isn't new, so why are you complaining about that? You can install whatever AV you want.
     
  5. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,286

    How strange indeed. I uninstalled Cortana, their market site, Xbox stuff and a whole host of all other useless programs without using any special tools, just the regular uninstaller. Remember, I don't have the Yank version of the OS installed, Win 10 varies from region to region.
     
  6. Puiu

    Puiu TS Evangelist Posts: 3,525   +1,987

    once you install a 3rd party AV, defender won't do anything. why are you complaining about the most lightweight AV solution? it's not like you need anything better unless you regularly visit dirty websites or have a habit of opening email attachments from spam.
     
    Teko03 likes this.
  7. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,286

    Didn't you come across the article here about M$ confessing to their AV disabling 3rd party AVs? I really don't care what AV I use (and I use Defender just because it's there and I trust it does its job) but background scanning while the machine is idle is always a handy feature to have. For some reason, only known to M$, they've omitted it, rather prompting me to run a scan every so often. Maybe you have that auto scan feature but I certainly don't.
     
  8. Puiu

    Puiu TS Evangelist Posts: 3,525   +1,987

    dude, you need to read that article again and see why MS was disabling Kaspersky. TL;DR Kaspersky sucks at doing updates.
    Quote from The Verge:
    ~~
    Windows 10 prompts to install a new version of anti-virus from third parties like Kaspersky after an update, but it disables the old version if it’s not compatible. “We first temporarily disabled some parts of the AV software when the update began,” explains Lefferts. “We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating."

    Kaspersky has also accused Microsoft of not providing enough time to fully test its latest versions of Windows 10 to ensure existing software is compatible.
    ~~

    what I said before is still fact.
     
  9. Teko03

    Teko03 TS Evangelist Posts: 578   +298

    Sooooo....it doesn't require user interaction, but it requires the user to click a link or open an e-mail message? So we're just going to pretend that isn't user interaction? Seriously....

    Windows Defender only works as AV if you have no other AV installed. If you install a third party AV Windows Defender disables itself.
     
  10. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,286

    Defender is fine. I could most likely get away without using any AV just by using some common sense but rather safe than sorry. I am human after all and do make the odd, stupid mistakes.
     
  11. Puiu

    Puiu TS Evangelist Posts: 3,525   +1,987

    I always assume that all people online are AIs until they prove me otherwise.
     
  12. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 8,647   +3,286

    I'm not AI, I'm a bot. Don't drag me down to that level. ;)
     
  13. Aaron Jones

    Aaron Jones TS Rookie Posts: 17   +7

    All you'd have to do is *send the e-mail to them*. Mail clients will automatically download e-mail. That means Defender will automatically scan it. No user interaction.
     
