Microsoft just fixed a serious Windows Defender bug

9 May 2017
Comments Comments Off on Microsoft just fixed a serious Windows Defender bug
9 May 2017, Comments Comments Off on Microsoft just fixed a serious Windows Defender bug

Over the weekend, Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich tweeted about discovering “the worst Windows remote code exec in recent memory.” According to Ormandy, it could work against a default installation and even become “wormable” — able to replicate itself on a targeted machine and then spread to other computers automatically.

Now we know more about what the problem is since, in just two days, Microsoft’s Security Response Center and Windows Defender developers were able to come up with a fix that is now available via Windows Update for Windows 7, 8.1, RT and 10 (according to Microsoft, the Control Flow Guard security feature lowers the risk of this attack on 8.1 and 10), as well as other versions that IT professionals may be more familiar with.

As described by the Project Zero team, the problem resided in Microsoft’s antimalware protection engine, which is supposed to scan files for issues, but could be tricked into executing code included in an email, on a webpage or in an instant message. Now that it’s patched, your Windows computer should download the updated version automatically within the next day or two.

If you’re in a hurry, you can punch the update button and get it manually, likely without a reboot — just check your Windows Defender settings to make sure it has an engine listed with version 1.1.13704.0 or higher.

[Source: Engadget]

What next?

To arrange for one of our technicians assist with rolling out this patch to all your systems or to discuss your IT Security, please call us today on 01793 295000 to speak to an expert member of our team.

Comments are closed.

Bitnami