Defender Needs Upgrade Because of Flaw
Posted by: Timothy Weaver on 06/27/2017 04:36 PM
If you rely on Microsoft Defender to protect your system, it's time to do an update.
Microsoft has issued an advisory and a patch for a flaw in its Malware Protection Engine after the flaw was found by a Google Project Zero bug hunter.
The flaw, which affects 32- and 64-bit versions of Windows Server 2008, Windows 10, 8.1, and 7, was patched June 23rd.
Microsoft wrote: “To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.”
Hackers could exploit the flaw through a drive-by attack from a website, an email, an instant message, or a website that hosts user-provided content.
The problem doesn't kick in until the engine scans the specially crafted file.
Microsoft wrote: “If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.”
Source: SCMagazine
