Microsoft patches major vulnerability in Defender malware protection software


Microsoft has released a patch to fix a major vulnerability in its Defender malware protection software. Defender is used in almost every recent version of Windows (7 and onwards) and is installed by default on consumer PCs.

The vulnerability, officially dubbed CVE-2017-0290, allowed remote attackers to take over a system without needing to interact with the computer’s owner. Anything scanned by Windows Defender — e-mails, instant messages, websites, shared files, etc. — was therefore a possible attack vector.

Two security researchers from Google Project Zero, Natalie Silvanovich and Tavis Ormandy, discovered the problem last week and reported it to Microsoft, which released the patch three days later. Ormandy called the exploit “the worst Windows remote code exec in recent memory” on Twitter. In a subsequent tweet, he said that an attack “works against a default install, don’t [sic] need to be on the same LAN.”

He also noted that the exploit was “wormable,” meaning that attacks could become self-replicating and transfer between vulnerable machines.

Windows PC users can see if their devices have been updated by heading to ‘Windows Defender settings’ and noting the Engine version number; a version of 1.1.13704.0 or higher means the latest patch has been installed.

In other data security news, software company Symantec released its annual Internet Security Threat Report on Monday, revealing that Canada was the third-highest country for data breaches in 2016.

Via: Ars Technica