A serious vulnerability in Windows Defender has been patched in 2 days
The security team at Google Project Zero found a vulnerability in the Antimalware Service Executable (MsMpEng), which is enabled by default on Windows 8, 8.1 and 10 and on the server versions 2012 and 2016; the one difference is that on Windows Server 2012 the Windows Defender antivirus is not available.
For end users this means that Windows Defender, Microsoft Security Essentials, the central console of System Center Endpoint Protection used by companies, and other Microsoft products built on the same engine were susceptible to remote execution of arbitrary code. On workstations, for example, it was possible to execute commands with the highest privileges (NT AUTHORITY\SYSTEM) simply by getting the victim's system to download an attachment through a link in a browser, a messenger or an e-mail.
The attached proof of concept crashes MsMpEng in its default configuration and may destabilize your system. Extra care should be taken on Windows systems running services such as IIS.
This is just one example of using the exploit developed by Natalie Silvanovich and Tavis Ormandy of the Google Project Zero team.
Most importantly, unauthorized code execution was possible without the attachment ever being opened. The vulnerability sat in the anti-malware service itself, giving the attacker access to the part of the Microsoft antivirus engine that scans everything arriving on the protected system regardless of its source: browser, messenger, e-mail, USB and so on.
Microsoft released the update 2 days after being notified, and it is now available through Windows Update.