Critical flaw that let hackers remotely access PCs patched by Microsoft

Microsoft has patched a critical flaw in its Malware Protection Engine that allowed hackers to remotely gain access to computers.

The critical flaw was reported to Microsoft by Google's Project Zero team and was quietly patched by the software giant last week.

Microsoft Security Essentials is an anti-malware programme and is part of Microsoft's Windows 10 and Windows 10 Creators Update operating systems. A critical flaw in the programme allowed hackers to achieve remote code execution, which in turn allowed them to infiltrate systems.

The flaw was first discovered by Google's Project Zero team and was patched by Microsoft on May 24. "MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn't sandboxed," noted Tavis Ormandy, a member of Google's Project Zero team.

Ormandy also mentioned in his blog that Microsoft had quietly patched the flaw on May 24, but did not comment on whether the flaw was exploited by hackers.

The news comes not long after Microsoft fixed a critical flaw in Windows Defender that allowed hackers to use the anti-virus engine itself to install malware on affected PCs. That vulnerability was present in various iterations of Microsoft's own anti-malware engine. These engines are installed by default on all Windows 8, 8.1, 10, and Windows Server 2012 PCs across the world and include the likes of Windows Defender, Microsoft System Center Endpoint Protection, Microsoft Security Essentials and Microsoft Endpoint Protection.

"The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system," said Microsoft's security team.

Earlier this month, a flawed security update to Webroot, an antivirus programme for Windows, impacted Windows computers running all versions of the operating system. The flawed antivirus update identified Windows programmes and other legitimate apps as malware and shut them down, thereby crippling computers around the globe.

Copyright Lyonsdown Limited 2021
