ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

(1/5) > >>

Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it's simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned that exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.

--- End quote ---

Wow. That sounds pretty serious. :o

I just checked and it seems it's already been patched on my machine. :Thmbsup:

For those interested, here is the original Project Zero report:

Why is no action required to install this update?
In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Microsoft Security Advisory 4022344
--- End quote ---

This is a pretty, pretty bad vulnerability, and I'm glad Natalie Silvanovich and Tavis Ormandy found it before it was wormed.

It's yet another example of why it's so bloody dangerous to run complex code in privileged (whether that's kernel-mode or "just" administrator/root privileges) accounts. Researches have generally called Windows defender the "least bad" security wise (3rd-party AV tools tend to do way too much stuff in kernelmode for their own good, and some of them fuck your browser security) - but obviously when something of this scale is found, it's terribad because of the scale of deployment.

Hopefully Microsoft will eventually get all the file-format parsing, untrusted code evaluation (etc.) for antimalware running in a non-privileged sandbox.

EDIT: kudos to Microsoft for fixing this very fast. Four day turnaround.

I think I suffered a few weeks ago.
It was hard to solve it, just because i am a little unable to restore an image and try always to save the original system.
I even have now some rests


[0] Message Index

[#] Next page

Go to full version