- Joined
- Jun 28, 2017
- Messages
- 6,805
- Reaction score
- 648
-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: What's the most interesting small town you've visited in South Africa?
Microsoft patches remote code execution flaw in Windows Defender
- Thread starter Newsfeed
- Start date
The article doesn't say when backdoor had been discovered, by whom and how long it took it to patch.
The longer time indicate MS intent to replace it with a different backdoor.
The method how Microsoft fix these 'bugs' is not acceptable. The (so called) "virus definition file" is actually an active executable code running in NT System Authority. It is very unsafe, as every new "virus definition file" can activate new backdoors. Starting from v.1709 MS 'telemetry' spying and crypto-currency engine is being integrated with Defender, so now you may have better understanding a real purpose of the "virus definition file".
The longer time indicate MS intent to replace it with a different backdoor.
The method how Microsoft fix these 'bugs' is not acceptable. The (so called) "virus definition file" is actually an active executable code running in NT System Authority. It is very unsafe, as every new "virus definition file" can activate new backdoors. Starting from v.1709 MS 'telemetry' spying and crypto-currency engine is being integrated with Defender, so now you may have better understanding a real purpose of the "virus definition file".
kripstoe
Expert Member
What?
supersunbird
Honorary Master
The guy has MS conspiracy theories coming out of his pores, so take it for what it is..
irBosOtter
Expert Member
Can you provide proof of anything you say here?
Just asking, would be nice to know if these are facts or just your opinion.
TelkomUseless
Honorary Master
- Joined
- Mar 13, 2006
- Messages
- 16,570
- Reaction score
- 11,208
Lol.
Exactly as said.
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,595
- Reaction score
- 1,613
Since the staff writer didn't get this info, here you go:
It's called CVE-2018-0986. You can find its entry into the database here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0986
It was discovered by Google Project Zero's Thomas Dullien. Here's his Twitter: https://twitter.com/halvarflake
And here's a full breakdown of how and why it works: https://bugs.chromium.org/p/project-zero/issues/detail?id=1543&desc=2
You don't seem to understand the underlying technology here, or how this exploit could have worked in the first place.
You need to:
A) Prove that the virus definition file is running as executable code as the NT System Authority user
B) Substantiate your claim that the virus definition file can activate new backdoors
C) Look up what an interpreter does and how it fits into the MSE in Windows Security Essentials/Defender/Advanced Threatguard.
D) Maybe read this: https://www.virusbulletin.com/virus...ositive-disaster-anti-virus-vs-winrar-amp-co/
It's called CVE-2018-0986. You can find its entry into the database here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0986
It was discovered by Google Project Zero's Thomas Dullien. Here's his Twitter: https://twitter.com/halvarflake
And here's a full breakdown of how and why it works: https://bugs.chromium.org/p/project-zero/issues/detail?id=1543&desc=2
You don't seem to understand the underlying technology here, or how this exploit could have worked in the first place.
You need to:
A) Prove that the virus definition file is running as executable code as the NT System Authority user
B) Substantiate your claim that the virus definition file can activate new backdoors
C) Look up what an interpreter does and how it fits into the MSE in Windows Security Essentials/Defender/Advanced Threatguard.
D) Maybe read this: https://www.virusbulletin.com/virus...ositive-disaster-anti-virus-vs-winrar-amp-co/
Last edited:
How do you know it for sure?
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,595
- Reaction score
- 1,613
How do I know what?
ToxicBunny
Oi! Leave me out of this...
That the sky is aquamarine
The statement you made in a quoted part.
kripstoe
Expert Member
Can you post more details please.
gregmcc
Honorary Master
ToxicBunny
Oi! Leave me out of this...
The bot lies... it’s actually CVE-2021-0023
Nope. Not in the article.
Johnatan56
Honorary Master
May I propose that we implement a system that bans sajunky from any threads that have the word Microsoft or Windows in it?
ToxicBunny
Oi! Leave me out of this...
Or that deal with logic or reality?
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,595
- Reaction score
- 1,613
Feel free to elaborate on that statement, please. Because apart from giving you the CVE number, I didn't really state anything else. Except for that one part where I said you didn't understand how the exploit worked in the first place. That was definitely stated.
Oh, and I'm still waiting for you to:
A) Prove that the virus definition file is running as executable code as the NT System Authority user
B) Substantiate your claim that the virus definition file can activate new backdoors
C) Look up what an interpreter does and how it fits into the MSE in Windows Security Essentials/Defender/Advanced Threatguard.
D) Maybe read this: https://www.virusbulletin.com/virusb...winrar-amp-co/
Ho3n3r
Honorary Master
The 2 people that use Defender, will be really happy.