Microsoft Fixes Serious Windows Defender Bug, Update Now
After getting the news of a “crazy bad” exploit from Google’s Project Zero, Microsoft’s Security Response Center deployed a fix that is available now.
Over the weekend, Google’s Project Zero researcher Tavis Ormandy and Natalie Silvanovich tweeted about discovering what Tavis referred to as “the worst Windows remote code exec in recent memory. This is crazy bad.” This bug could work against a default installation and become a worm that can replicate itself and spread to other computers automatically.
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥
— Tavis Ormandy (@taviso) May 6, 2017
Microsoft Security Advisory 4022344 says:
The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Check for Updates
Two days after getting the news of the exploit Microsoft’s Security Response Center and Windows Defender developers deployed a fix that is now available via Windows Update. The versions of Windows affected by this bug are Windows 7, 8.1, RT, and Windows 10. It also affects other anti-malware software typically used by IT departments like Microsoft Forefront Security for SharePoint Service Pack 3, Windows Intune Endpoint Protection, and others.
According to the advisory, you should get the update automatically in the background within the next 48 hours, but if you want to stay on top of things head to Settings > Update & security and check for update.
To make sure you have the latest update, head to Settings > Windows Defender and scroll down to the Version info section and make sure your Engine version is 1.1.13704.0 or higher.
Project Zero researchers find security issues and report them to Microsoft to repair within 90 days before Google goes public with detailed information. Ormandy didn’t reveal any specifics of the exploit yet and details about the issue are scarce. Still, it’s good to see Microsoft was able to patch the problem in such a short period of time.
Update: Google has released the vulnerability report on the Project Zero website.
3 Comments
Leave a Reply
Leave a Reply
Holly
May 9, 2017 at 8:02 am
Thanks for this, I’m not on windows auto installs ever since I removed Windows 10
Mr Brian Phillips
May 9, 2017 at 12:23 pm
Thank you for the heads up on this serious problem, I will be updating after sending this message.
quikfiix
May 9, 2017 at 4:41 pm
Thanks for heads up. My auto install is set for just narrow time window and needed this along with 3 other bits.