Microsoft has issued a security patch to address a major vulnerability in Windows Defender, the anti-malware utility that is installed and activated by default with Windows.
The security flaw allowed attackers to take over computers remotely. Windows 7, 8, 8.1, 10, and Server 2016 systems were affect by the flaw, Microsoft says.
The malicious code was able to take control of users’ systems as Windows Defender scanned malicious emails or instant messages. The vulnerability could put remote attackers in charge of users’ systems without requiring users to take any action.
Windows Defender enjoys the highest security and privilege level on users’ machines. If it is exploited, attackers can do whatever they like with the system.
The flaw was detected by Google Project Zero’s Tavis Ormandy and Natalie Silvanovich. According to Ormandy, the exploit is “the worst Windows remote code exec in recent memory.” He noted, too, that the exploit is “wormable,” which means it could reproduce itself across a network of unpatched systems.
Microsoft rushed to push an emergency update to users within days of learning of the vulnerability. The patch should be installed on users’ systems automatically, Microsoft says, through the routine Windows Defender update process.
To see if your system is protected, open the Settings app from the Windows Start menu. Click on Updates and Security, then select Windows Defender from the sidebar. If Windows Defender is running version 1.1.13704.0 or higher, your machine has been patched. If not, simply run Windows Defender, navigate to the Update tab, and select “Update definitions.”