Microsoft quietly fixes another “extremely bad vulnerability” in Windows Defender

Microsoft has quietly pushed out another fix for their virus scanning engine in Windows Defender, the MsMpEng malware protection engine.

Just like the last “crazy bad” vulnerability, this one was also discovered by Google’s Project Zero researcher Tavis Ormandy, but this time he privately disclosed it to Microsoft, showing the criticism he attracted last time for his public disclosure has had some effect.

The vulnerability would allow applications executed in MsMpEng’s emulator to control the emulator to achieve all kinds of mischief, including remote code execution when Windows Defender scanned an executable sent by email.

“MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn’t sandboxed. Browsing the list of win32 APIs that the emulator supports, I noticed ntdll!NtControlChannel, an ioctl-like routine that allows emulated code to control the emulator.” 

Want More? - Click Here

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.