Windows Bug Found By Project Zero Researchers

A zero-day vulnerability in Microsoft Windows malware scanners, such as Defender, could have allowed hackers to take control of Windows computers with a single email, one that users might not even have read. The vulnerability was quickly described as possibly the worst Windows remote code execution flaw in years.

The speed at which Microsoft patched the anti-malware bug only serves to highlight how seriously the Redmond-based company took the vulnerability, especially given that it had been discovered only days earlier.

Google Project Zero

The flaw was found, and then disclosed last weekend, by Google Project Zero security team members Natalie Silvanovich and Tavis Ormandy. Ormandy has become infamous in the last few years for consistently discovering major bugs and weaknesses in tech companies’ products and software, and then tweeting about them. “I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way,” Ormandy tweeted.

Hackable exploit in anti-virus software?

Yes.

The problem resided in Microsoft’s Malware Protection Engine, used primarily by Windows Defender and other Microsoft security products. The issue meant that Windows Defender could be exploited by hackers simply sending an email. The recipient wouldn’t even have to read the mail for the hacker to successfully take control of their computer.

Real-time protection and infection

Anti-virus software such as Windows Defender and others now routinely offer and use the sensible real-time protection option. Normally, this should be considered a sensible, best-practice setting. But the flaw in Microsoft’s anti-malware engine meant that Defender and the other products using it would merely have to scan the malicious content for the exploit to be triggered. Which is quite scary.

Record fix?

Probably not, but the Microsoft response was fast, and a fix was released separately from Microsoft’s regular monthly Patch Tuesday update.

Windows 8, 8.1, 10 and Windows Server operating systems are all affected by the bug. That said, the Microsoft malware scanner should automatically update itself the next time it runs a scan. Users can also update manually, if they so desire, without having to install other updates.
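For readers who want to confirm that a machine has actually picked up the engine update rather than waiting for the next scan, the following PowerShell script is an added example (not code from the article or from Microsoft). It uses the built-in Defender cmdlets Get-MpComputerStatus and Update-MpSignature to report the Malware Protection Engine version and real-time protection state, and to pull definitions and the engine on demand. The article does not give the fixed engine version number, so the value passed as -MinimumEngineVersion is a placeholder that must be replaced with the version from Microsoft’s advisory for this bug.

```powershell
# Added example, not part of the original article. Checks whether the local
# Malware Protection Engine is at or above a given build and, if not, triggers a
# manual update. Run in an elevated PowerShell session on Windows 8/8.1/10/Server.

function Test-MpEngineUpToDate {
    param(
        # Engine version from Microsoft's advisory. The article does not state it,
        # so the caller must supply it; the default below is a placeholder only.
        [Parameter(Mandatory = $true)]
        [version]$MinimumEngineVersion,

        # Attempt an update if the engine is below the minimum.
        [switch]$Remediate
    )

    # Get-MpComputerStatus is the built-in Defender status cmdlet; AMEngineVersion
    # is the Malware Protection Engine build shared by Defender and related products.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $engine = [version]$status.AMEngineVersion

    Write-Host ("Engine version           : {0}" -f $engine)
    Write-Host ("Real-time protection     : {0}" -f $status.RealTimeProtectionEnabled)
    Write-Host ("Signatures last updated  : {0}" -f $status.AntivirusSignatureLastUpdated)

    if ($engine -lt $MinimumEngineVersion -and $Remediate) {
        Write-Host "Engine is below the patched build; requesting an update now..."
        # Engine updates are delivered through the same channel as definitions,
        # so a signature update also pulls a newer engine when one is published.
        Update-MpSignature -ErrorAction Stop
        $engine = [version](Get-MpComputerStatus).AMEngineVersion
        Write-Host ("Engine version after update: {0}" -f $engine)
    }

    # Return an object so the result can be collected across many hosts.
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        EngineVersion        = $engine
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        MeetsMinimum         = ($engine -ge $MinimumEngineVersion)
    }
}

# PLACEHOLDER: replace with the fixed engine version from Microsoft's advisory.
$patchedEngine = [version]'0.0.0.0'

$result = Test-MpEngineUpToDate -MinimumEngineVersion $patchedEngine -Remediate
if ($result.MeetsMinimum) {
    Write-Host "OK: engine is at or above the patched build."
} else {
    Write-Warning "Engine still below the patched build; check update connectivity."
}
```

Because the function returns an object rather than only printing, it can be run across a fleet with Invoke-Command and the results exported to CSV to find machines whose engine has not yet refreshed; hosts with real-time protection enabled but an old engine are the ones most exposed to the scan-triggered flaw the article describes.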

“The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” said a spokesperson for Microsoft.

Kudos where kudos is due

Ormandy himself was impressed by the speed with which Microsoft responded and fixed the issue, tweeting that he had been blown away by Microsoft’s handling of it.
