Microsoft Patches Windows Defender Security Flaw


Vulnerability allowed attackers to take control of victims’ computers remotely.

Microsoft has issued a security patch to address a major vulnerability in Windows Defender, the anti-malware utility that is installed and activated by default with Windows.

The security flaw allowed attackers to take over computers remotely. Windows 7, 8, 8.1, 10, and Server 2016 systems were affected by the flaw, Microsoft says.

Malicious code could take control of users’ systems as Windows Defender scanned malicious emails or instant messages. The vulnerability could put remote attackers in charge of users’ systems without requiring users to take any action.

Microsoft says the exploit is based on the NScript component of MsMpEngine, which is a core process of Windows Defender. NScript is intended to analyze JavaScript, but researchers discovered that it could be controlled using a few lines of JavaScript from a website, email, instant message, or any other data source scanned by Windows Defender.

Windows Defender enjoys the highest security and privilege level on users’ machines. If it is exploited, attackers can do whatever they like with the system.

The flaw was detected by Google Project Zero’s Tavis Ormandy and Natalie Silvanovich. According to Ormandy, the exploit is “the worst Windows remote code exec in recent memory.” He noted, too, that the exploit is “wormable,” which means it could reproduce itself across a network of unpatched systems.

Microsoft rushed to push an emergency update to users within days of learning of the vulnerability. The patch should be installed on users’ systems automatically, Microsoft says, through the routine Windows Defender update process.

To see if your system is protected, open the Settings app from the Windows Start menu. Click on Updates and Security, then select Windows Defender from the sidebar. If Windows Defender is running version 1.1.13704.0 or higher, your machine has been patched. If not, simply run Windows Defender, navigate to the Update tab, and select “Update definitions.”
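The same version check can be scripted. The following PowerShell is an added example, not part of the original article or Microsoft's guidance; it assumes the version the article cites is the engine version that Get-MpComputerStatus reports as AMEngineVersion, and the host names and inventory values are constructed.

```powershell
# Added example: compare Defender engine versions against the patched build
# named in the article. Sample inventory values below are constructed.
$PatchedVersion = [version]'1.1.13704.0'   # minimum patched version, from the article

function Test-DefenderEnginePatched {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$EngineVersion,
        [version]$Minimum = $PatchedVersion
    )
    $parsed = $null
    # Parse as a four-part version. A plain string comparison would rank
    # '1.1.9999.0' above '1.1.13704.0' and report it as patched.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return $false   # missing or unreadable version: treat as not patched
    }
    return $parsed -ge $Minimum
}

# Local machine: Get-MpComputerStatus ships with the Defender module on
# Windows 8 and later; it is absent on Windows 7, so check for it first.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $localEngine = (Get-MpComputerStatus).AMEngineVersion
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Engine   = $localEngine
        Patched  = Test-DefenderEnginePatched -EngineVersion $localEngine
    }
}

# Constructed inventory rows (hypothetical host names) showing the comparison,
# including a numerically older build and a host with no reported version.
$inventory = @(
    @{ Computer = 'HOST-A'; Engine = '1.1.13701.0' }
    @{ Computer = 'HOST-B'; Engine = '1.1.13704.0' }
    @{ Computer = 'HOST-C'; Engine = '1.1.9999.0'  }
    @{ Computer = 'HOST-D'; Engine = '' }
)
foreach ($row in $inventory) {
    [pscustomobject]@{
        Computer = $row.Computer
        Engine   = $row.Engine
        Patched  = Test-DefenderEnginePatched -EngineVersion $row.Engine
    }
}
```

Only HOST-B meets the minimum in the constructed rows; a host that reports no engine version is listed as unpatched so that it gets a manual look.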