Microsoft published information about a new security vulnerability that affects Windows Defender, Microsoft Security Essentials, and many Enterprise-specific anti-malware alternatives.
CVE-2018-098, Microsoft Malware Protection Engine Remote Code Execution Vulnerability, describes a vulnerability in the Microsoft Malware Protection Engine that attackers could exploit to execute code on the system.
What makes the vulnerability particularly problematic is it can be triggered by Microsoft security program scanning a specially crafted file. In other words, the attack works without user interaction provided the file finds its way on to the target system (for example via a download).
Microsoft anti virus products are configured to scan documents by default. The file the attack is carried out with would be scanned immediately on systems with real time security enabled.
Microsoft released an update for all affected products that corrects the security dilemma. Windows systems using the engine version 1.1.14700.5 or later are protected from the vulnerability.
You can Check the version on user versions of Windows in another way (thanks Woody)
- Windows 10: Use Windows-I to open the Preferences application and proceed to Update & Security > Windows Defender.
- Windows 8.1: Harness the Windows-key to open the Start Menu. Sort Windows Defender and select the result. Select Help > About in the program window.
- Windows 7: Open the Start Menu using a click. Sort Windows Defender and load the result. Select Help > About.
While it’s possible to update definitions manually, updates to Windows Defender’s malware come through Windows Update. You may want to conduct a manual check for updates when the malware is lower than the version the patch has been introduced in.
- Harness the Windows-key, kind Windows Update, and select the result.
- Click check for updates and follow the instructions.
A post on Bleeping Computer provides more information concerning the vulnerability. According to data posted on the site, it was a Google security researcher that discovered the flaw in mpengine.dll. Microsoft rates the bug as critical, the highest severity level as effective exploitation of the vulnerability may grant an attacker complete control over the system.
Systems with third party security software and a disabled Windows Defender or other affected Microsoft security product are not affected by the vulnerability. It’s still suggested to update the malware as soon as you can to the latest version.
Ghacks needs you. You can discover how to support us here or support the site right by becoming a Patreon. Thank you for being a Ghacks reader. The post Update Windows Security software to protect against a critical vulnerability appeared initially on gHacks Technology News.