Microsoft has fixed a vulnerability in Windows Defender that allowed attackers to turn the anti-virus engine itself into a way of installing malware on affected PCs.
The flaw let an attacker compromise a PC and plant malware or spyware that ran with the engine's own system-level privileges, above those of an ordinary administrator account.
What made the vulnerability so damaging is that it sat in the Microsoft Malware Protection Engine, the scanning engine shared by several of Microsoft's own anti-malware products. Windows Defender, which embeds that engine, is installed by default on Windows 8, 8.1, 10 and Windows Server 2012 machines worldwide, and the same engine powers Microsoft System Center Endpoint Protection, Microsoft Security Essentials and Microsoft Endpoint Protection.
Until the fix, an attacker could trigger the bug simply by getting a specially crafted file onto a machine: the engine scans files automatically as they arrive, so the very component looking for malicious programmes could be made to run one, with no need for the victim to open the file. Microsoft released an engine update on Monday night; it reaches affected devices through the engine's own automatic update channel, which Microsoft says applies new releases within 48 hours.
“The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” said Microsoft’s security team.
“Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration,” it added.
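Because the engine updates itself rather than through Windows Update, the practical check for an administrator is to confirm that each host's engine version has actually reached the fixed release. The PowerShell below is an added example written for this page, not Microsoft's code or anything published with the advisory. The fixed engine version is not stated on this page, so `$MinimumEngineVersion` is an assumed parameter you must take from the advisory for the update you are checking; the `Get-MpComputerStatus` and `Update-MpSignature` cmdlets are Microsoft's Defender cmdlets, and the `Microsoft Antimalware` registry key is where the Security Essentials and System Center Endpoint Protection builds of the engine record their version.

```powershell
# Added example (not from the article or from Microsoft): confirm that the
# Microsoft Malware Protection Engine on this host has picked up a fix.
# $MinimumEngineVersion is an assumption: supply the engine version named in
# the advisory you are checking against. The default is a placeholder only.
param(
    [version]$MinimumEngineVersion = [version]'0.0.0.0'
)

function Get-MpEngineVersion {
    # Windows Defender (Windows 8/8.1/10/Server 2012) exposes the engine
    # version through the Defender cmdlets.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $status = Get-MpComputerStatus
        return [pscustomobject]@{
            Product = 'Windows Defender'
            Engine  = [version]$status.AMEngineVersion
            Updated = $status.AntivirusSignatureLastUpdated
        }
    }
    # Security Essentials and System Center Endpoint Protection share the
    # engine but not the cmdlets; they record the engine version in the
    # registry under the "Microsoft Antimalware" key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    if (Test-Path $key) {
        $props = Get-ItemProperty $key
        return [pscustomobject]@{
            Product = 'Microsoft Antimalware (MSE/SCEP)'
            Engine  = [version]$props.EngineVersion
            Updated = $null
        }
    }
    throw 'No Microsoft anti-malware product found on this host.'
}

function Test-MpEngineFixed {
    param([version]$Minimum)
    $info = Get-MpEngineVersion
    [pscustomobject]@{
        Product = $info.Product
        Engine  = $info.Engine
        Minimum = $Minimum
        Updated = $info.Updated
        Fixed   = ($info.Engine -ge $Minimum)
    }
}

$result = Test-MpEngineFixed -Minimum $MinimumEngineVersion
$result | Format-List

if (-not $result.Fixed) {
    # The engine normally updates itself within 48 hours of a release. A host
    # that is still behind can be pulled forward now instead of waiting.
    if (Get-Command Update-MpSignature -ErrorAction SilentlyContinue) {
        Update-MpSignature
        Test-MpEngineFixed -Minimum $MinimumEngineVersion | Format-List
    } else {
        Write-Warning ("Engine {0} is below {1}; update through the product's own update mechanism." -f $result.Engine, $MinimumEngineVersion)
    }
    exit 1
}
```

Run it as administrator on each host (or push it through your management tooling) with `-MinimumEngineVersion` set to the version from the advisory; a non-zero exit code marks hosts that are still exposed, which is more reliable than trusting the 48-hour window on machines that are offline, behind a proxy, or have automatic updates disabled.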
This is the second anti-virus mishap to hit Windows users in two weeks. Last week, a flawed update to Webroot, a third-party antivirus programme for Windows, affected computers running every version of the operating system: the faulty signatures identified Windows system files and other legitimate applications as malware and quarantined them, crippling the affected machines.
Last year, a widely reported Windows zero-day vulnerability allowed attackers to compromise nearly any Windows PC they chose, and traditional antivirus software could not detect the attack. Microsoft eventually released a patch, but by then the vulnerability was already being exploited by cyber-criminals. The vulnerability was reportedly put up for sale on the Dark Web for £62,000.