Security News Microsoft Quietly Kills Another Gaping Hole in Windows Defender

LASER_oneXM

Some quotes from the article:

Exploitation is ridiculously simple
Exploiting this flaw is ridiculously simple as it requires an attacker to send a malformed file to the victim via various methods: email, chat message, file download, or trick the victim into accessing a malicious website hosting a weaponized JS file.
There's no user interaction needed, as the MsMpEng will immediately scan new content arriving on the user's PC, and the attacker will gain immediate control over the target's system.

This is a big issue because the Malware Protection Engine has been shipped as a built-in service in all Windows OS versions since Windows 7, and is a core component of a series of Microsoft security products such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, and Microsoft Forefront Endpoint Protection. The bug would allow an attacker to crash and bypass these security products.

In an advisory, Microsoft said all above-listed products are affected by this issue. The OS maker patched this vulnerability via a silent update to the Malware Protection Engine in version 1.1.13903.0.

The Microsoft Malware Protection Engine silently updates itself, so no user interaction is needed unless the user has specifically blocked updates via update management software.

Bug would have been worth millions of dollars
All these bugs are dangerous because they allow attackers to crash or bypass security services and take over users' systems. An issue like this, if sold on hacking forums, would have pocketed its authors millions of dollars, allowing a secret door into any Windows computer on Earth.

Ormandy says he discovered this bug using a technique called fuzzing, which takes random data and feeds it into a program's input to test how the software reacts and to expose bugs.

On Friday, Microsoft rolled out an out-of-band security update that patched a major security flaw in the Microsoft Malware Protection Engine (MsMpEng), a core security service part of the Microsoft ecosystem.

The bug, tracked as CVE-2017-8558, affects the x86 emulator included with the Malware Protection Engine and was discovered by Google Project Zero researcher Tavis Ormandy.

According to a technical write-up by Ormandy, the vulnerability allows an attacker to execute code on a user's computer, gain LocalSystem privileges, and take over the victim's PC.
ForgottenSeer 58943

This is as bad as it looks IMO.

I would never recommend anyone use Windows Defender, the threat surface is too high, it's too juicy of a target. Also, I've never found it to be competent protection, even with their recent improvements. Then there is the telemetry it would gather. Also, doesn't MS work with FireEye (CIA Partner/Invested) on Windows Defender?