Google Project Zero is responsible for airing some of the most talked-about security holes of recent months. Yesterday, they published a serious vulnerability in Windows Defender, and only 24 hours later, in record time, the Redmond-based firm has released an update to fix the problem.
One of the Google Project Zero investigators did not hold back, stating that we were facing “the worst remote code execution error in Windows of recent times”. The security bug was present in the Microsoft Malware Protection Engine (MMPE), the antivirus engine built into the operating system.
Severe vulnerability in Windows Defender and other Microsoft software
Other Microsoft products were affected as well. The complete list of affected software is as follows:
- Windows Defender
- Windows Intune Endpoint Protection
- Microsoft Security Essentials
- Microsoft System Center Endpoint Protection
- Microsoft Forefront Security for SharePoint
- Microsoft Endpoint Protection
- Microsoft Forefront
As we all know, Windows Defender is the antivirus that is activated by default in Windows 7, 8.1, RT 8.1, and Windows 10, in addition to Windows Server 2016. That makes every user with any of these versions installed vulnerable to the serious security hole discovered by Google Project Zero.
Basically, this vulnerability allowed a remote attacker to hide code in any file. When the security tool tried to scan that file, the file would exploit the vulnerability to execute the attacker's code on the operating system and thus gain full access to the system.
Microsoft got to work quickly and has released an update, installed in the background, that solves the problem. If we have not blocked anything in the system and have not modified its functions with any of the dozens of tools offered on the Internet, we will probably already have the latest version of the antivirus engine (with the vulnerability completely closed).
If we want to go one step further and make sure, we must open Windows Defender, navigate to About, and look for the number next to the text “Engine Version”. That number should be 1.1.13704.0 or a later version. In that case we can be sure that this hole is closed. Otherwise, we must open Windows Update and install all the pending security patches, especially this one.
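The same check can be scripted. The PowerShell below is an added example, not part of the original article: it compares an engine version against the 1.1.13704.0 minimum stated above. The function name `Test-MpEngineFixed`, the status labels and the sample inventory are assumptions made for illustration, and the local check assumes the Defender PowerShell module (`Get-MpComputerStatus`) is present.

```powershell
# Minimum fixed engine version, as stated in the article.
$FixedEngine = [version]'1.1.13704.0'

# Hypothetical helper (not a Microsoft cmdlet): classify one engine version string.
function Test-MpEngineFixed {
    param(
        [string]$EngineVersion,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $parsed = $null
    # Compare as [version], not as text: a string comparison would rank
    # '1.1.9903.0' above '1.1.13704.0' because '9' sorts after '1'.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        $status = 'Unknown'        # empty or malformed value: check the About page by hand
    } elseif ($parsed -ge $FixedEngine) {
        $status = 'Fixed'
    } else {
        $status = 'Vulnerable'     # install pending updates via Windows Update
    }
    [pscustomobject]@{
        ComputerName  = $ComputerName
        EngineVersion = $EngineVersion
        Status        = $status
    }
}

# Local machine: read the engine version from the Defender module when it is available.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Test-MpEngineFixed -EngineVersion (Get-MpComputerStatus).AMEngineVersion
} else {
    Write-Warning 'Get-MpComputerStatus not found; read "Engine Version" from the About page.'
}

# Constructed sample inventory (host names and versions are made up for the example).
$inventory = @(
    @{ Computer = 'PC-01'; Engine = '1.1.13701.0' }   # one build below the fix
    @{ Computer = 'PC-02'; Engine = '1.1.13704.0' }   # exactly the fixed build
    @{ Computer = 'PC-03'; Engine = '1.1.9903.0'  }   # older build that fools string comparison
    @{ Computer = 'PC-04'; Engine = ''            }   # engine version not reported
)
$inventory | ForEach-Object {
    Test-MpEngineFixed -EngineVersion $_.Engine -ComputerName $_.Computer
} | Format-Table -AutoSize
```

For the sample inventory, PC-01 and PC-03 are reported as Vulnerable, PC-02 as Fixed and PC-04 as Unknown.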