Microsoft swift to fix 'crazy bad' Windows Defender bug

by Mark Tyson on 9 May 2017, 10:02

Tags: Microsoft (NASDAQ:MSFT)

Quick Link: HEXUS.net/qadg7r

Add to My Vault: x

A couple of days ago Google Project Zero researchers alerted their Twitter followers, and Microsoft, of a 'crazy bad' Windows Defender bug. Tavis Ormandy said that he and Natalie Silvanovich had discovered "the worst Windows remote code exec in recent memory". In a follow up Tweet Ormandy told his followers that a remote code execution attack "works against a default (Windows) install," and that the attacker doesn't need to be on the same LAN to exploit this 'wormable' (potentially self-spreading) vulnerability.

To recap how big and how 'crazy bad' the Windows Defender bug was; it was possible for a hacker to craft a file that would have its malware payload executed by the built-in Windows anti-malware solution scanning it. Injected code could run with administrative privileges, so attackers could gain full control of the system, install spyware, steal or encrypt files, and so on. An attacker could IM or email you such a specially crafted file and even before you read the message the attachment could be wreaking havoc with your Windows PC system.

Microsoft's emergency security update arrived Monday night

Microsoft has responded rather quickly to being notified about the vulnerability by Google Project Zero. In Microsoft Security Advisory 4022344 it provides more details of the issues and of course a fix for the 'Microsoft Malware Protection Engine', at the heart of the problem.

Microsoft's advisory confirms the critical nature of the remote code execution flaw and how widespread it is - affecting Windows Defender in Windows 7, 8, 8.1, 10 default configurations as well as Microsoft's Endpoint and Forefront security software.

Your Windows PC should update within 48 hours of the security fix being issued (last night) but you can prompt an earlier install by manually checking via Windows Update. If the update has already completed you will have a Windows Defender engine version 1.1.13704.0 or higher.

Giving credit to Microsoft's swift action regarding this 'crazy bad' Windows Defender bug, Tavis Ormandy Tweeted a tribute to Redmond earlier this morning. "Still blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos. Amazing." wrote the Project Zero researcher.



HEXUS Forums :: 6 Comments

Login with Forum Account

Don't have an account? Register today!
What if I don't use windows defender? Oh, that's right, you can't turn it off in win10.
aniilv
What if I don't use windows defender? Oh, that's right, you can't turn it off in win10.

you can?
aniilv
What if I don't use windows defender? Oh, that's right, you can't turn it off in win10.
No, you cannot… because Microsoft are out to take over the world, Apple are hipster idiots and Linux is the only option, etc etc…. :p

http://www.windowscentral.com/how-permanently-disable-windows-defender-windows-10
Well, you can if you permanently install an alternative antivirus. That said, I was nigh on furious when Windows itself started to complain I hadn't kept mine 100% up to date (these warnings occur whenever my antivirus wants to remind me to update, after a user-specified delay since last time) alongside the antivirus' own warning. (Terrible and frequently (as with right now :( ) broken internet requires this)
I'd hardly be blown away or amazed by the speed at which Microsoft released a fix. I would expect no less for a bug this severe that affects the built-in AV on every supported version of Windows - server *and* desktop.