Microsoft Fixes Serious Windows Defender Bug, Update Now

Gwen Vasquez
May 10, 2017

Last week, Microsoft announced a new SKU of Windows called Windows 10 S, and after pondering how this new version of the OS fits into Microsoft's overall roadmap for the platform, it seems logical to conclude that the company is finally going to go all-in on UWP with Windows for desktop users.

"Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions", Microsoft said in its advisory.

Microsoft patched a critical vulnerability in the Microsoft Malware Protection Engine present in Windows Defender, Microsoft Security Essentials, and other tools. Addressing the discovery in a security advisory this week, Microsoft confirmed that successful exploitation would see the attacker "take control of the system".

"Vulnerabilities in MsMpEng are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service", Ormandy wrote. The engine is supposed to scan files for issues, but it could be tricked by hackers into executing code included in an instant message or email, notes Engadget. Ormandy tweeted on Friday, without revealing specifics or the affected product, that he and Silvanovich had found "the worst Windows remote code exec in recent memory".

Microsoft recommends that users stick with the automatic Windows Update method, which prevents any compatibility issues that might otherwise be experienced. The engine, known as MsMpEng, is over-privileged and un-sandboxed, according to Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich. If Windows 10 S does catch on and becomes a viable version of Windows for the masses, the likelihood of Microsoft dropping Windows 10 Home increases. The bug was found by Google's Project Zero researchers, who in the past have been at the centre of various high-profile disclosures. Qualcomm says the first laptops running Windows with ARM chipsets won't arrive until Q4 of this year, but we still expect Microsoft to detail what type of Windows 10 will power these machines.

Tomorrow is also May's "Patch Tuesday", the month's release of security updates for Microsoft's products.

Anyone using Windows 8, 10 and Windows Server operating systems could be affected by the bug and should now check for the security update.

Microsoft said the current risk to Windows users is relatively low because the patch will be automatically installed within the next couple of days.

NScript is the component of mpengine that evaluates any filesystem or network activity that looks like JavaScript. To check which version they are running, users can open the Settings application, go to Update and Security and then Windows Defender, and look for the Engine version. NScript isn't sandboxed and runs at a very high privilege level, and it's used to evaluate untrusted code by default on nearly every modern Windows system. Microsoft said there was no evidence the bug has been exploited by attackers. "This is as surprising as it sounds".
