Yet another Windows Defender vulnerability discovered

Jun 26, 2017 12:19 GMT

Google security engineer Tavis Ormandy has discovered yet another vulnerability in Windows Defender, and once again Microsoft has moved quickly to deliver a fix.

Ormandy, a member of Google’s Project Zero team, found the vulnerability on June 9 and reported it to Microsoft privately to give the company a chance to release a patch first. Under Project Zero’s disclosure policy, details are made public 90 days after the vendor is contacted if no patch has been released by then.

Microsoft, however, had a fix out well inside that window, so Ormandy published the details on Friday. His broader point stands: as long as the scanning engine runs without a sandbox, a bug in it is a bug in a highly privileged process that remote attackers can reach by default, and more issues of the same kind can be expected.

Update your systems to stay secure

For the more technically minded, Ormandy explains that the bug is in the x86 emulator that the Malware Protection Engine uses to execute suspicious binaries while scanning them, and that Microsoft has deliberately left that emulator unsandboxed.

“I discussed Microsoft's ‘apicall’ instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if this was intentionally exposed, and they replied ‘The apicall instruction is exposed for multiple reasons’, so this is intentional,” Ormandy explained.

The fix ships as Malware Protection Engine version 1.1.13903.0. Engine updates arrive through the same channel as malware definition updates rather than as a separate Windows Update package, so the practical check is the engine version, not the Windows patch level. On Windows 10, open the Settings app, go to Update & security > Windows Defender, and read the engine version in the version info on the right side of the screen: anything at or above 1.1.13903.0 includes the fix.

Windows 10 systems that are configured to automatically receive updates are already patched and secure against this vulnerability.
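For administrators who would rather check a machine (or a fleet) from the command line than click through Settings, the script below is an added example and not part of the article or of Microsoft’s guidance. It assumes the built-in Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature) is present, as it is on Windows 10, and that it is run from an elevated prompt; the fixed version number comes from the article, and the Test-MpEngineFixed helper is this example’s own.

```powershell
# Added example (not from the article): verify that the installed Malware
# Protection Engine is at or above the release that carries the fix
# (1.1.13903.0, per the article) and, if not, pull the latest engine and
# definition update. Assumes the Defender module shipped with Windows 10
# and an elevated PowerShell prompt.

$FixedEngine = [version]'1.1.13903.0'

function Test-MpEngineFixed {
    param(
        [Parameter(Mandatory)][string]$Installed,
        [version]$Fixed = $FixedEngine
    )
    # Compare as [version] objects, never as strings: a string comparison
    # goes character by character, so '1.1.9000.0' would sort *after*
    # '1.1.13903.0' because '9' is greater than '1'.
    return ([version]$Installed -ge $Fixed)
}

$status    = Get-MpComputerStatus
$installed = $status.AMEngineVersion

"Engine version : $installed"
"Fixed version  : $FixedEngine"
"Definitions    : $($status.AntivirusSignatureVersion) (updated $($status.AntivirusSignatureLastUpdated))"

if (-not $status.AMServiceEnabled) {
    # Defender is switched off, typically because a third-party AV product
    # has registered itself; the engine version is then not the whole story.
    Write-Warning 'Defender antimalware service is disabled; the engine version above may not reflect the active scanner.'
}
elseif (Test-MpEngineFixed -Installed $installed) {
    'OK: installed engine includes the fix for the emulator apicall bug.'
}
else {
    Write-Warning "Engine $installed predates the fix; requesting a definition/engine update now."
    Update-MpSignature
    $after = (Get-MpComputerStatus).AMEngineVersion
    if (Test-MpEngineFixed -Installed $after) {
        "Updated to engine $after."
    }
    else {
        Write-Warning "Still on engine $after; check that the machine can reach Windows Update or that the update is approved on WSUS."
    }
}
```

Because the engine rides along with definition updates, a machine that shows current definitions but an old engine is unusual and worth a closer look; the AMServiceEnabled check is there so that the script does not report a stale Defender engine as “vulnerable” on a host where Defender has been disabled in favour of another product.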

As for Microsoft, the company is clearly responding quickly to these reports, though it is still odd to see it patching emulator bugs one at a time rather than sandboxing the antivirus engine, which would contain such flaws instead of leaving each one exploitable until it is found and fixed.