Microsoft Fixes a Security Failure in Windows Defender

Update Defender immediately: Microsoft has released a silent update for a vulnerability that allowed remote execution in the anti-malware mechanism (Malware Protection) used by the Windows security software, Windows Defender, which is available by default in Windows 10.

It was discovered on May 12 by the well-known security researcher Tavis Ormandy. The flaw existed in the MsMpEng x86 emulator, and could be exploited by intruders with some obscure executable file, mainly because the emulator was not sandboxed.

“MsMpEng includes a full x86 system emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and is not sandboxed. Browsing the list of APIs that the emulator supports, I noticed ntdll!NtControlChannel, an ioctl-like routine that allows emulated code to control the emulator,” explains the security expert.

“The 0x0C command allows you to convert attacker-controlled RegularExpressions to Microsoft GRETA (abandoned since the early 2000s) … The 0x12 command allows you to load additional microcode that can replace opcodes … Various commands allow you to change execution parameters and to read scan attributes and the metadata of UFS. This at least looks like a privacy leak, as an attacker can look for the research attributes you set and then retrieve them through the scan results.”

Ormandy calls the security flaw "a potentially extremely malicious vulnerability." The researcher reported this new vulnerability to Microsoft privately, and the company developed a fix for Windows Defender last week. To stay protected, you should have automatic updates enabled and be running the latest version of Windows Defender.

Microsoft is yet to issue any official statement about it.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
