Microsoft fixes critical Windows Defender bug that allowed hackers to take over Windows PCs

Microsoft has fixed a vulnerability in Windows Defender which allowed hackers to use the anti-virus engine itself to install malware in affected PCs.

A security flaw in Windows Defender allowed hackers to infiltrate PCs and install malware and spyware with administrative privileges.

The vulnerability was especially damaging because it was present in various iterations of Microsoft's own anti-malware engine. These engines are installed by default on all Windows 8, 8.1, 10 and Windows Server 2012 PCs across the world, and include the likes of Windows Defender, Microsoft System Center Endpoint Protection, Microsoft Security Essentials and Microsoft Endpoint Protection.

Until recently, hackers could exploit the vulnerability to make Microsoft's anti-malware engines install malware and spyware on PCs across the world while the engines were scanning files for exactly that type of malicious programme. Microsoft fixed the vulnerability on Monday night with an update that will roll out to all affected devices in the next two days.

"The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system," said Microsoft's security team.

"Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration," it added.

This is the second such embarrassing episode for Microsoft in two weeks. Last week, a flawed security update to Webroot, an antivirus programme for Windows, impacted Windows computers running all versions of the operating system. The flawed antivirus update identified Windows programmes and other legitimate apps as malware and shut them down, thereby crippling computers.

Last year, a 'zero-day' vulnerability allowed hackers to hack into nearly any Windows PC they chose, and it was something that traditional antivirus software could not detect. Microsoft eventually released a patch, but the vulnerability was fully exploited by cyber-criminals. The vulnerability was reportedly put up for sale on the Dark Web for £62,000.

Copyright Lyonsdown Limited 2020
