Update Windows Defender immediately: Microsoft released a silent information για μια ευπάθεια που επέτρεπε απομακρυσμένη εκτέλεση κώδικα στον μηχανισμό προστασίας κακόβουλου λογισμικού (Malware Protection Engine) που χρησιμεύει το software security of Windows, Windows Defender which is available by default in Windows 10.
It was discovered on May 12 by well-known Google security researcher Project Because Tavis Ormandy. The flaw existed in the MsMpEng x86 simulator, and could be exploited by intruders with some obscure executable file, mainly because it was not sandboxed.
"MsMpEng includes a full x86 emulator used to run any unreliable files that look like executable PE files. The emulator runs like NT AUTHORITY \ SYSTEM and is not sandboxed. "Looking through the list of win32 APIs that the emulator supports, I noticed ntdll! NtControlChannel, an ioctl-like routine that allows the emulated code to control the emulator," explains the security expert.
"The 0x0C command allows you to convert a RegularExpressions controlled by an attacker to Microsoft GRETA (a library abandoned in the early 2000's) 0 The 12xXNUMX command allows you to load additional microcode that can replace opcodes… Various commands allow you to change runtime parameters and read UFS scan features and metadata. This is at least like a leak of confidentiality, as the attacker can search for the research features you have defined and then retrieve them through the scan results. ”
Ormandy calls the security flaw "a potentially extremely malicious vulnerability." The researcher reported this new vulnerability to Microsoft privately and the company developed a fix for Windows Defender last week. To stay protected, you should have automatic updates enabled and running the latest version of Windows Defender.
Microsoft has not yet issued a formal statement on the issue.