Critical Flaw in Windows Defender Patched by Microsoft
A devastating vulnerability in Windows Defender, Microsoft’s flagship antivirus software, has been patched. The flaw, which allowed attackers to remotely execute code on a victim’s machine, was discovered by security researcher Halvar Flake and reported to Microsoft.
The Vulnerability: A Memory Leak in the Malware Engine
The vulnerability, identified as CVE-2018-0986, was present in the latest version of Windows Defender, Security Essentials, Exchange Server, Forefront Endpoint Protection, and Intune Endpoint Protection, in the Microsoft Malware Protection Engine (1.1.14700.5). An attacker could exploit this vulnerability by tricking the victim into scanning a malicious .rar file, which would trigger a memory leak in the malware engine. This would allow the attacker to smuggle malicious code into the file system, granting them complete control over the victim’s machine.
The Root Cause: A Modified Fork of the Open-Source Unrar Tool
The vulnerability can be traced back to an older version of the open-source archiving tool unrar, which Microsoft used for decompressing .rar files. Microsoft had modified its fork of the code, converting signed integer variables to unsigned ones, which caused a chain of problems wherever those values were compared. This modification made the software vulnerable to memory corruption, which could crash the antivirus package or allow malicious code execution.
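The following C sketch is an added illustration of this bug class, not code from unrar or from Microsoft's engine. It models a bounds check on a hypothetical output window (the function names and sample values are constructed) and shows how converting one operand to unsigned silently changes the comparison, next to a hardened form.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an output-window bounds check; not unrar or
   Microsoft code. space_left = declared output size - bytes written,
   which goes negative when a malformed stream overshoots. */

/* Original style: both operands signed. A negative space_left rejects
   every copy, because copy_len (>= 0) is always greater. */
int copy_allowed_signed(int32_t space_left, int32_t copy_len) {
    if (copy_len < 0 || copy_len > space_left) return 0;
    return 1;
}

/* After converting only copy_len to unsigned: C's usual arithmetic
   conversions turn space_left into an unsigned value for the comparison,
   so -1 becomes 4294967295 and the check passes. Compilers report this
   line with -Wsign-compare. */
int copy_allowed_mixed(int32_t space_left, uint32_t copy_len) {
    if (copy_len > space_left) return 0;   /* compared as unsigned */
    return 1;
}

/* Hardened: reject the negative case explicitly, then compare in one
   unsigned domain with an explicit cast. */
int copy_allowed_hardened(int32_t space_left, uint32_t copy_len) {
    if (space_left < 0) return 0;
    if (copy_len > (uint32_t)space_left) return 0;
    return 1;
}

int main(void) {
    /* Constructed inputs: pairs of (space_left, copy_len). */
    const int32_t  space[] = { 100, 100, 0, -1 };
    const uint32_t len[]   = {  64, 101, 1, 64 };
    for (int i = 0; i < 4; i++)
        printf("space=%4d len=%3u signed=%d mixed=%d hardened=%d\n",
               (int)space[i], (unsigned)len[i],
               copy_allowed_signed(space[i], (int32_t)len[i]),
               copy_allowed_mixed(space[i], len[i]),
               copy_allowed_hardened(space[i], len[i]));
    return 0;
}
```

Only the last sample row differs between the three functions: the mixed-sign check accepts a copy when the remaining space is negative, which is the condition that leads to writing outside the buffer.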
The Patch: Update Windows Defender and Malware Protection Engine
Microsoft has now patched the vulnerability in the latest version of Windows Defender. Users and administrators are advised to update their copies of Windows Defender and the Malware Protection Engine as soon as possible. The update should already have been installed automatically on the device.
The Importance of Keeping Software Up-to-Date
As security researcher Tavis Ormandy noted, “In short, users and administrators should update their copies of Windows Defender and malware protection engine as soon as possible.” This vulnerability highlights the importance of keeping software up-to-date, as outdated versions can be exploited by attackers.
Update Your Windows Defender and Malware Protection Engine Now
To protect yourself and your organization from this vulnerability, update your Windows Defender and malware protection engine immediately. This will ensure that you have the latest security patches and are protected from this critical flaw.