Microsoft has issued a patch for a remote code execution vulnerability in the Microsoft Malware Protection Engine.
The engine did not properly scan a specially crafted file, which Microsoft said led to memory corruption.
Microsoft Security Essentials and Windows Defender are affected.
Other affected software includes various Microsoft Endpoint Protection products.
“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” said Microsoft.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
An attacker could deliver the attack through a website, email, or a message from an IM application.
“If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned.”
“If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.”
Microsoft said its patch fixes the issue by correcting the way the engine scans the file.
The company did not receive any reports of the weakness being used to attack users before the security advisory was issued.
This article first appeared on MyBroadband and is republished with permission.
Here’s your reason why 90% of people use 3rd party Anti-Virus apps.