Microsoft patches critical flaw in Windows Defender

Jos, Staff

Microsoft has patched a critical vulnerability in Windows Defender that could have allowed an attacker to execute code remotely and take over a user's computer. The bug, discovered by Google Project Zero researcher Tavis Ormandy, required no user interaction: the malicious file only had to reach the machine.

According to Ormandy, all it took was getting a specially crafted file onto the target, whether by luring the victim to a website hosting a malicious JS file or by delivering the file via email, instant messaging or a download. The Microsoft Malware Protection Engine (MsMpEng), the scanning engine behind Windows Defender and Microsoft's other anti-malware products, automatically scans new content as soon as it arrives on the PC, before the user ever opens it. A crafted file could crash the engine during that scan and achieve remote code execution.

In his technical write-up, Ormandy notes that he had to encrypt the proof-of-concept file before sending it to Microsoft, since an unencrypted copy could have crashed Microsoft's own email servers when they scanned it on arrival.

The flaw lies in the x86 emulator that Windows Defender uses to run suspicious code in order to analyze it. The emulator runs as SYSTEM, the most privileged account on Windows, is not sandboxed, and exposes a set of API calls to the code being emulated, giving an attacker a direct path from a crafted file to the host.

Ormandy reported the issue to Microsoft on June 9 and withheld disclosure until the company pushed a fix through a silent update to the Malware Protection Engine, version 1.1.13903.0. The bug, tracked as CVE-2017-8557, affects 32- and 64-bit Windows Defender on Windows 10, Windows 8.1, Windows RT 8.1, Windows 7 and Windows Server 2016.
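Because the fix shipped as an engine update rather than a Windows Update package, the practical check is whether a given host is actually running engine version 1.1.13903.0 or later. The following script is an added example written for this page; it is not code from the article, from Ormandy or from Microsoft. It assumes the Defender PowerShell module (Windows 8.1, Windows 10 and Server 2016; the module is not available on Windows 7) and takes the 1.1.13903.0 threshold from the article above. The function name Test-MpEngineFixed is invented for illustration.

```powershell
# Added example (not from the article, Ormandy or Microsoft): report whether a host
# has received the patched Malware Protection Engine and whether real-time scanning,
# the attack surface described above, is enabled. Run in an elevated session on
# Windows 8.1 / 10 / Server 2016 where the Defender module is available.

function Test-MpEngineFixed {
    [CmdletBinding()]
    param(
        # Fixed engine version as quoted in the article; assumed, not looked up live.
        [version]$MinimumEngineVersion = '1.1.13903.0'
    )

    # Get-MpComputerStatus reports the engine, platform and signature versions in
    # use; Get-MpPreference exposes the real-time monitoring switch.
    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference

    # AMEngineVersion is a string such as "1.1.13903.0"; cast it so that the
    # comparison is numeric per component rather than lexical.
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        EngineVersion       = $engine
        EngineFixed         = ($engine -ge $MinimumEngineVersion)
        SignatureVersion    = $status.AntivirusSignatureVersion
        SignatureAgeDays    = $status.AntivirusSignatureAge
        LastSignatureUpdate = $status.AntivirusSignatureLastUpdated
        RealTimeScanning    = (-not $prefs.DisableRealtimeMonitoring)
    }
}

$result = Test-MpEngineFixed
$result | Format-List

if (-not $result.EngineFixed) {
    Write-Warning "Engine $($result.EngineVersion) predates the fix; requesting an update."
    # Engine updates travel over the same channel as definition updates, so a
    # definition refresh is the way to pull the patched engine onto the host.
    Update-MpSignature
    # Re-check after the update has been applied.
    Test-MpEngineFixed | Format-List
}
```

The caveat worth keeping in mind: a machine whose definition updates are stale, for example one that is offline or pinned to an old signature baseline, keeps the vulnerable engine while real-time scanning continues to process every arriving file. EngineFixed reports false together with RealTimeScanning true on exactly those hosts, which is the combination to hunt for across a fleet.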


 
"Microsoft patches critical flaw in Windows Defender".
I was hoping for something a bit more useful like being able to uninstall it and use an AV of our choice or at least scanning automatically when it detects no user activity for a while instead of nagging us to do a manual scan.
 
"Microsoft patches critical flaw in Windows Defender".
I was hoping for something a bit more useful like being able to uninstall it and use an AV of our choice or at least scanning automatically when it detects no user activity for a while instead of nagging us to do a manual scan.
Would be good if we had the option to uninstall it but I don't really like other AV solutions so I would stick with Defender. I guess not everything MS does is bad.
 
No nagging on my end. Doesn't do anything on my computer. Never has.
You can't uninstall anything that's embedded in the OS. Which isn't new, so why are you complaining about that? You can install whatever AV you want.
 
No nagging on my end. Doesn't do anything on my computer. Never has.
You can't uninstall anything that's embedded in the OS. Which isn't new, so why are you complaining about that? You can install whatever AV you want.
How strange indeed. I uninstalled Cortana, their market site, Xbox stuff and a whole host of all other useless programs without using any special tools, just the regular uninstaller. Remember, I don't have the Yank version of the OS installed, Win 10 varies from region to region.
 
"Microsoft patches critical flaw in Windows Defender".
I was hoping for something a bit more useful like being able to uninstall it and use an AV of our choice or at least scanning automatically when it detects no user activity for a while instead of nagging us to do a manual scan.
Once you install a 3rd party AV, Defender won't do anything. Why are you complaining about the most lightweight AV solution? It's not like you need anything better unless you regularly visit dirty websites or have a habit of opening email attachments from spam.
 
Once you install a 3rd party AV, Defender won't do anything. Why are you complaining about the most lightweight AV solution? It's not like you need anything better unless you regularly visit dirty websites or have a habit of opening email attachments from spam.
Didn't you come across the article here about M$ confessing to their AV disabling 3rd party AVs? I really don't care what AV I use (and I use Defender just because it's there and I trust it does its job), but background scanning while the machine is idle is always a handy feature to have. For some reason, known only to M$, they've omitted it, rather prompting me to run a scan every so often. Maybe you have that auto scan feature, but I certainly don't.
 
Didn't you come across the article here about M$ confessing to their AV disabling 3rd party AVs? I really don't care what AV I use (and I use Defender just because it's there and I trust it does its job), but background scanning while the machine is idle is always a handy feature to have. For some reason, known only to M$, they've omitted it, rather prompting me to run a scan every so often. Maybe you have that auto scan feature, but I certainly don't.
Dude, you need to read that article again and see why MS was disabling Kaspersky. TL;DR: Kaspersky sucks at doing updates.
Quote from The Verge:
~~
Windows 10 prompts to install a new version of anti-virus from third parties like Kaspersky after an update, but it disables the old version if it’s not compatible. “We first temporarily disabled some parts of the AV software when the update began,” explains Lefferts. “We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating."

Kaspersky has also accused Microsoft of not providing enough time to fully test its latest versions of Windows 10 to ensure existing software is compatible.
~~

What I said before is still fact.
 
The bug, discovered by Google Project Zero researcher Tavis Ormandy, was exploitable without user interaction.
According to Ormandy, all it took was either tricking the victim into visiting a malicious website hosting a specially crafted JS file, or sending a malicious file via email, messaging or as a download.

Sooooo....it doesn't require user interaction, but it requires the user to click a link or open an e-mail message? So we're just going to pretend that isn't user interaction? Seriously....

"Microsoft patches critical flaw in Windows Defender".
I was hoping for something a bit more useful like being able to uninstall it and use an AV of our choice or at least scanning automatically when it detects no user activity for a while instead of nagging us to do a manual scan.

Windows Defender only works as AV if you have no other AV installed. If you install a third party AV Windows Defender disables itself.
 
Sooooo....it doesn't require user interaction, but it requires the user to click a link or open an e-mail message? So we're just going to pretend that isn't user interaction? Seriously....



Windows Defender only works as AV if you have no other AV installed. If you install a third party AV Windows Defender disables itself.
Defender is fine. I could most likely get away without using any AV just by using some common sense, but better safe than sorry. I am human after all and do make the odd stupid mistake.
 
Sooooo....it doesn't require user interaction, but it requires the user to click a link or open an e-mail message? So we're just going to pretend that isn't user interaction? Seriously....

All you'd have to do is *send the e-mail to them*. Mail clients will automatically download e-mail. That means Defender will automatically scan it. No user interaction.
 