Microsoft has just rolled out security updates to fix a critical remote code execution vulnerability affecting Windows Defender and other antivirus products. The flaw allowed a Windows machine to be compromised simply by having the antivirus scan a specially crafted file.
Microsoft has released patches for the vulnerability, which affects the Microsoft Malware Protection Engine (mpengine.dll), the core of Windows Defender in Windows 10.
Microsoft warns users about the critical vulnerability
The company released a warning saying that “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.”
The company added that “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Thomas Dullien, a researcher at Google Project Zero, found that attackers can trigger a memory-corruption problem in the engine if they make Windows Defender and other security software scan a specially crafted file.
There are various ways in which attackers can act
According to Microsoft, attackers can deliver the file in multiple ways. For instance, they can place it on a website, or send it in an instant message or an email. They can also put it in a shared directory.
The attack would be instant if the affected antivirus has its real-time protection feature enabled.
According to Microsoft, if real-time protection is not enabled, the attacker would have to wait until a scheduled scan occurs before the vulnerability could be exploited.
The company warns that all systems running an affected version of the antivirus software are at high risk.
Windows Defender for all Windows versions and Windows Server is affected. Microsoft promised that end-users should receive the fixed version of the Microsoft Malware Protection as soon as possible.