This is scary… especially for a piece of software that ships pre-installed with Windows 10! I use Defender on all my home PCs, not to mention System Center Endpoint Protection (SCEP) runs on every Windows device on the network at work. Thankfully, the issue was told to Microsoft and they patched it in a very short time before the breach was released in the wild and someone took advantage of it. Tip of the hat to Microsoft for a quick and decisive reaction and patch!
PCs can be compromised when Defender scans an e-mail or IM; patch has been issued.
Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it’s simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft’s malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned that exploits were “wormable,” meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.
Microsoft’s speed in issuing an automatic patch was impressive. Word of the critical flaw first surfaced in a Friday night series of tweets by Ormandy. He called it “the worst Windows remote code exec in recent memory” and warned that attacks “work against a default install, don’t need to be on the same LAN, and it’s wormable.” Most security experts assumed Microsoft would require several weeks to patch it. To their surprise, Microsoft pushed out the patch Monday evening.