Microsoft patches remote code execution flaw in Windows Defender

Microsoft has patched a critical security vulnerability in Windows Defender, which could allow an attacker to execute arbitrary code on a system.

The attack required a specific file to be scanned by the Microsoft Malware Protection Engine, that then led to memory corruption.

The attacker could remotely execute code in the security context of the LocalSystem account, allowing them to take control of the system.

“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the engine,” said the company.

“An attacker could use a website to deliver a file to the victim’s system… [or] via an email message, or in an instant messenger message.”

If a user’s real-time protection is turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability.”

Microsoft’s patch addresses the vulnerability by correcting the way the Protection Engine scans these files.

The flaw affected the older Microsoft Security Essentials program, and the Defender service from Windows 7 to Windows 10.

Other Microsoft products affected included Microsoft Exchange Server 2013 and 2016.

Now read: Windows 10 is almost at 50% adoption

Latest news

Partner Content

Show comments


Share this article
Microsoft patches remote code execution flaw in Windows Defender