Critical flaw that let hackers remotely access PCs patched by Microsoft
May 31, 2017
Microsoft has patched a critical flaw in its Malware Protection Engine that allowed hackers to remotely gain access to computers.
The critical flaw was reported to Microsoft by Google's Project Zero team and was quietly patched by the software giant last week.
Microsoft Security Essentials is an anti-malware programme and is part of Microsoft's Windows 10 and Windows 10 Creators Update operating systems. A critical flaw in the programme allowed hackers to activate remote code execution which in turn allowed them to infiltrate systems.
The flaw was first discovered by Google's Project Zero team and was patched by Microsoft on May 24. "MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn't sandboxed," noted Tavis Ormandy, a member of Google's Project Zero team.
Ormandy also mentioned in his blog that Microsoft had quietly patched the said flaw on May 24, but did not comment on whether the patch was exploited by hackers.
The news comes not long after Microsoft fixed a critical flaw in Windows Defender which allowed hackers to use the anti-virus engine itself to install malware on affected PCs. The said vulnerability was present in various iterations of Microsoft's own anti-malware engine. These engines are installed by default on all Windows 8, 8.1, 10, and Windows Server 2012 PCs across the world and include the likes of Windows Defender, Microsoft System Center Endpoint Protection, Microsoft Security Essentials and Microsoft Endpoint Protection.
"The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system," said Microsoft's security team.
Earlier this month, a flawed security update to Webroot, an antivirus programme for Windows, impacted Windows computers running all versions of the operating system. The flawed antivirus update identified Windows programmes and other legitimate apps as malware and shut them down, thereby crippling computers around the globe.