Microsoft patches Defender antivirus zero-day exploited in the wild

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,777
Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.

Zero-days are vulnerabilities actively exploited in the wild before the vendor issues an official patch or bugs that have publicly available proof-of-concept exploits.

The zero-day patched today by Microsoft is being tracked as CVE-2021-1647 and it is a remote code execution (RCE) found in the Malware Protection Engine component (mpengine.dll).
Click to expand...
Defender security update installs automatically

Redmond's advisory also adds that customers don't need to take any action to install the CVE-2021-1647 security update as it will install automatically on systems running vulnerable Microsoft Defender versions.

"In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine," Microsoft says.

Microsoft Defender keeps both the Malware Protection Engine (the component used for scanning, detection, and cleaning) and malware definitions automatically up to date for both enterprise deployments as well as end-users.

Usually, Microsoft Malware Protection Engine updates are released once a month or when needed to protect against newly discovered threats while malware definitions are updated three times per day.

Even though Microsoft Defender can check for engine and definition updates several times a day, users can also manually check at any time if they want to immediately install the security update.
Click to expand...
www.bleepingcomputer.com

Microsoft patches Defender antivirus zero-day exploited in the wild

Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Thanks
Reactions: Fel Grossi, ForgottenSeer 89360, shmu26 and 15 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,875
From that article:
Microsoft says that a proof-of-concept exploit for this zero-day is available, although exploitation might not be possible on most systems or the PoC might fail in some situations.

The last Microsoft Malware Protection Engine version affected by this vulnerability is version 1.1.17600.5. The zero-day was addressed in version 1.1.17700.4.

More details on how to verify the Malware Protection Engine version number are available here. Systems that aren't affected by this vulnerability should run Microsoft Malware Protection Engine version is 1.1.17700.4 or later.

"Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products," Microsoft says.
Click to expand...
 
  • Like
  • Thanks
  • +Reputation
Reactions: Fel Grossi, Minimalist, ForgottenSeer 89360 and 13 others
F

ForgottenSeer 89360

www.blumira.com

Critical Microsoft Defender Vulnerability (CVE-2021-1647)

Stay secure with Microsoft Defender updates. Learn about CVE-2021-1647 and patch vulnerabilities to protect your systems effectively.
www.blumira.com www.blumira.com
Microsoft’s Patch Tuesday monthly security patches includes one for the Microsoft Defender antivirus, exploited prior to patch release. This allows an attacker to execute code on vulnerable devices, where Defender is installed.

Details at a glance: CVE-2021-1647​

  • This vulnerability has been exploited in the wild.
  • Low or no privileges are required for attack success.
  • User interaction is not required.
  • There is a critical impact to confidentiality, availability, and integrity of exploited systems.
Click to expand...
 
Last edited by a moderator:
  • Like
  • +Reputation
  • Thanks
Reactions: harlan4096, silversurfer, Protomartyr and 9 others

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Security News Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Replies
2
Views
473
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
New Update Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks
Replies
1
Views
635
macOS, iOS & iPadOS
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
    • +Reputation
    • Applause
Security News Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Replies
1
Views
921
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top