Microsoft Fixes a Security Failure in Windows Defender

Update Windows Defender immediately: Microsoft has released an implicit update for a vulnerability that allowed remote κώδικα στον μηχανισμό προστασίας υ λογισμικού (Malware Protection Engine) που χρησιμεύει το λογισμικό ασφαλείας των Windows, Windows Defender που είναι by default in Windows 10.

It was discovered on May 12 by its well-known security researcher , Tavis Ormandy. The defect was in the MsMpEng x86 emulator, and could be exploited by intruders with a tampered executable file, mainly because it was not .Windows Defender

“MsMpEng includes a full x86 system emulator used to run any untrusted executable-like files PE. The emulator runs as NT AUTHORITY\SYSTEM and is not sandboxed. Looking through the list of win32 APIs supported by the emulator, I noticed ntdll!NtControlChannel, an ioctl-like routine that allows emulated code to control the emulator,” explains the security expert.

"The 0x0C command allows you to convert a RegularExpressions controlled by an attacker to Microsoft GRETA (a library abandoned in the early 2000's) 0 The 12xXNUMX command allows you to load additional microcode that can replace opcodes… Various commands allow you to change runtime parameters and read UFS scan features and metadata. This is at least like a leak of confidentiality, as the attacker can search for the research features you have defined and then retrieve them through the scan results. ”

Ormandy calls the security flaw "a potentially extremely malicious vulnerability." The researcher reported this new vulnerability to Microsoft privately and the company developed a fix for Windows Defender last week. To stay protected, you should have automatic updates enabled and running the latest version of Windows Defender.

Microsoft has not yet issued a formal statement on the issue.

iGuRu.gr The Best Technology Site in Greecefgns

Get the best viral stories straight into your inbox!

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).