Researcher finds RCE flaws in Windows Defender

Jun 15, 2017 09:38 GMT

Microsoft rolled out several patches for Windows Defender to address vulnerabilities that could have exposed Windows users, but it turns out the company still has work to do: the antivirus engine is still affected by a number of remote code execution flaws.

A report from The Reg, citing security researcher James Lee, reveals that the MsMpEng engine of Windows Defender is open to remote code execution because of insufficient sandboxing, a problem that other security experts have warned about in recent months.

Google’s Tavis Ormandy, who previously discovered several major bugs in Microsoft software, also came across critical bugs in Windows Defender, and reported them to the company to have them fixed.

After patches for all of these reported vulnerabilities were released, Ormandy tweeted on June 7 that he had found “more critical remote mpengine vulnerabilities,” again stressing that the antivirus engine needs to be sandboxed.

Microsoft needs to focus more on sandboxing

Today’s report highlights the same problem: James Lee has discovered two remote code execution vulnerabilities that allow a system to be compromised even when it is running the very latest patches released by Microsoft.

The new issues appear to be unrelated to the ones Ormandy reported earlier this month and in late May, which were described as “multiple denial-of-service, integer overflow, and use-after-free bugs.”

An official statement from Microsoft is not available yet, and it is somewhat worrying that these reports of Windows Defender vulnerabilities arrive only a few days after this month’s Patch Tuesday, when the company typically addresses security vulnerabilities in its software.

For the time being, details of the new RCE flaws are not public, so users are protected, though Microsoft should move quickly to deliver a fix that addresses all of them. Ormandy has also promised a full report on the flaws he discovered in MsMpEng, so Microsoft may have a lot of work ahead to get its antivirus engine right.