Potentially critical vulnerability addressed with Windows Defender fixBy Robin-Leigh Chetty 9 May 2017 | Categories: news
While many of us were enjoying sport or time with friends and family over the weekend, two Google Project Zero researchers made a significant discovery in Microsoft's Windows Defender system. Tweeting out the find, Tavis Ormandy and Natalie Silvanovich, described it as, "the worst Windows remote code exec in recent memory."
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥— Tavis Ormandy (@taviso) May 6, 2017
The vulnerability deals with the anti-malware engine residing within Windows Defender, which is designed to scan files on a user's computer. The issue arises from the anti-malware engine being able to be tricked into executing code that could potentially target a machine and even replicate itself, spreading to other machines on the same network.
To Microsoft's credit, they acted promptly to when the issue was raised, with the company's Security Response team rolling out a fix to users that Windows Defender would update automatically. To ensure your Microsoft device is protected against this latest discovery, check that the engine version is 1.1.13704.0 or better.
Just released malware protection engine update to— Security Response (@msftsecresponse) May 9, 2017
address RCE vuln – Defender will autoupdate. https://t.co/rzn5QWo6sV
Most Read Articles
Have Your Say
What new tech or developments are you most anticipating this year?