Microsoft has released an emergency patch to fix a critical vulnerability in its antimalware protection engine (mpengine.dll), the detection and cleanup component shared by the company's security products, such as Windows Defender and Microsoft Security Essentials.
The flaw was discovered by Thomas Dullien, a Google Project Zero researcher. Exploiting the bug is trivial: the attacker only has to get a malicious file scanned by the protection engine, which Windows Defender does automatically for every file that enters the system.
If the attacker attaches that file to an email, embeds it in JavaScript on a website the victim visits, or simply sends it through an instant messaging client, then as soon as the antimalware protection engine scans it, the attacker can gain complete control of the system.
Microsoft has fixed the problem, and it is important to update immediately; Windows Defender updates are usually enabled by default. You can check in Settings (Windows key + I) by going to the Windows Defender section and looking at the engine version.
If you have version 1.1.14700.5 you are protected. If for some reason you have disabled automatic updates (something you should never do, for your own safety), turn them back on and update your system.
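The same check can be done from PowerShell instead of the Settings app. The following is an added example, not part of the original article, and assumes a Windows 10 host where the built-in Defender cmdlets Get-MpComputerStatus and Update-MpSignature are available (Microsoft Security Essentials on older Windows does not ship them); the patched version number 1.1.14700.5 is the one the article names.

```powershell
# Added example: compare the running antimalware engine version with the
# patched version named in the article (1.1.14700.5). Assumes the Defender
# PowerShell module present on Windows 10 (Get-MpComputerStatus, Update-MpSignature).
function Test-DefenderEnginePatched {
    param(
        [version]$PatchedVersion = [version]'1.1.14700.5'
    )

    $status = Get-MpComputerStatus
    # AMEngineVersion is the mpengine.dll version, which is the component that was fixed.
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        EngineVersion  = $engine
        PatchedVersion = $PatchedVersion
        IsPatched      = ($engine -ge $PatchedVersion)
        RealTimeOn     = $status.RealTimeProtectionEnabled
    }
}

$result = Test-DefenderEnginePatched
$result | Format-List

if (-not $result.IsPatched) {
    # Engine updates arrive through the same update channel as definitions,
    # so pulling the latest update and re-checking is the manual remedy.
    Update-MpSignature
    Test-DefenderEnginePatched | Format-List
}
```

Run it from an elevated PowerShell prompt; a result of `IsPatched : True` means the engine is at or past the fixed version, while `False` after the update attempt indicates the update channel itself needs attention (for example, updates disabled or blocked by policy).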
In Windows 10, Windows Defender is active by default, so by default it is vulnerable to this flaw. The good news is that the patch should reach all computers running that version of the operating system today. If you do not use Windows 10 but have Windows Defender or Microsoft Security Essentials installed, you must update manually.
This is the fourth critical Windows Defender bug in about a year. We had already reported three earlier discoveries, in two consecutive months, by Google Project Zero researchers. The flaw also comes at a time when Microsoft is capitalizing on the security and reach achieved with Windows Defender, an antivirus that already covers more than 50% of the corporate market.
Windows Defender seems to be very good at blocking threats; the problem is when the threat is Windows Defender itself.