Becky
Webmistress
- Joined
- Mar 25, 2003
- Messages
- 7,424
- Reaction score
- 1,511
Microsoft have released a security update which patches a serious vulnerability in their Microsoft Malware Protection Engine, which is relevant for anyone using Windows Defender on Windows 10. The security flaw meant that if Windows Defender even scanned specific malware, the PC could be compromised. ZDNet has more:
Read more here.
Google Project Zero researcher Thomas Dullien, aka Halvar Flake, discovered that attackers can trigger a memory-corruption issue in the engine if they can get Windows Defender and other affected security products to scan a specially-crafted file.
Microsoft warns there are many ways an attacker could achieve this, including placing the file on a website, in an email or instant message, on any site that hosts files, or in a shared directory.
As with similar vulnerabilities reported last year by the UK's National Cyber Security Centre (NCSC) and Project Zero, an attack would be instant if the affected antivirus has real-time protection enabled.
"If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned," Microsoft notes.
Read more here.