Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

by Sebastian Anthony, from Ars Technica

A massive and rather embarrassing remote code execution vulnerability has been discovered in Microsoft's MsMpEng, the malware protection engine used by Windows Defender, Microsoft Security Essentials, Microsoft Forefront, and Microsoft Endpoint in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.

The vulnerability (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it's enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine (websites, file shares) could be used as an attack vector.

Because MsMpEng runs at the highest privilege level and is so ubiquitous across Windows PCs, this vulnerability is about as bad as it gets. Fortunately, the security researchers who discovered it, Natalie Silvanovich and Tavis Ormandy of Google Project Zero, reported it responsibly, and last night Microsoft released a patch. MsMpEng automatically updates every 48 hours, so disaster has probably been averted. The security bulletin notes that Microsoft hadn't seen any public exploitation of the vulnerability.
