
Microsoft Windows Defender flaw found and fixed


Microsoft has issued an advisory and patched a remote code execution vulnerability in its Microsoft Malware Protection Engine after the flaw was spotted by a Google Project Zero bug hunter.

The critical vulnerability, CVE-2017-8558, was patched on June 23 for Windows Defender in the 32- and 64-bit versions of Windows Server 2008, Windows 10, 8.1, and 7. It was discovered by Tavis Ormandy, reported.

“To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine,” Microsoft wrote, adding that the specially crafted file could be delivered through a drive-by attack on a website, by email or instant message, or through a website that hosts user-provided content.

The vulnerability is triggered when Windows Defender does its job of scanning files for potential problems.

“If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited,” Microsoft wrote.
