A few days after security researchers discovered a massive flaw in Microsoft’s malware protection engine Windows Defender — which is used in almost every recent version of Windows — the company has issued a fix that it believes will keep attackers out.
Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich discovered a vulnerability, tracked as CVE-2017-0290, that lets an attacker remotely access any system without any interaction from the user, reports Ars Technica.
All the hacker has to do is send an email or instant message that is scanned by Windows Defender — you don’t have to open it or click anything. Anything else that’s scanned automatically by Windows Defender — like a website — could also be used by attackers.
Ormandy said on Friday that the bug could be “the worst Windows remote code exec in recent memory. This is crazy bad.”
He also noted that the vulnerability could be wormable, meaning it could continue to replicate itself inside the PC once it’s there.
“The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” Microsoft says. “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.”
PC users can click on “Windows Defender settings” to see if their machine has been updated: Engine version number 1.1.13704.0 or higher means the patch has been installed and you should be safe from this particular vulnerability.
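The same engine-version check can be scripted for more than one machine. The PowerShell below is an added example, not from Microsoft or the original article; it assumes the Defender PowerShell module (Get-MpComputerStatus) is present and, for remote hosts, that CIM/WinRM access is allowed. The function name and host list are hypothetical.

```powershell
# Added example: report whether the Malware Protection Engine is at or above
# the patched version named in the article (1.1.13704.0).
$PatchedEngine = [version]'1.1.13704.0'

function Test-DefenderEnginePatched {
    param(
        # Hypothetical host list; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        $session = $null
        try {
            if ($name -eq $env:COMPUTERNAME) {
                # Local query needs no remoting.
                $status = Get-MpComputerStatus -ErrorAction Stop
            }
            else {
                $session = New-CimSession -ComputerName $name -ErrorAction Stop
                $status  = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            }
            # Cast to [version] so 1.1.9999.0 sorts below 1.1.13704.0;
            # a plain string comparison would get that wrong.
            $engine = [version]$status.AMEngineVersion
            [pscustomobject]@{
                ComputerName  = $name
                EngineVersion = $engine
                Patched       = ($engine -ge $PatchedEngine)
                Error         = $null
            }
        }
        catch {
            # Unreachable host, missing Defender module, or unparsable version:
            # report the state as unknown, never as patched.
            [pscustomobject]@{
                ComputerName  = $name
                EngineVersion = $null
                Patched       = $null
                Error         = $_.Exception.Message
            }
        }
        finally {
            if ($session) { Remove-CimSession -CimSession $session }
        }
    }
}

Test-DefenderEnginePatched | Format-Table -AutoSize
```

A row with an empty Patched column means the engine version could not be read, so that machine still needs a manual check.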
While this could’ve proven really bad for basically anyone who uses a consumer-oriented PC, Ars notes that the speed with which the patch was released should go a long way to prevent widespread problems. Isn’t it nice to see Google and Microsoft working well together?
by Mary Beth Quirk via Consumerist