Microsoft Fixes Critical Windows 10 Security Flaw Affecting Windows Defender

Microsoft Fixes Critical Windows 10 Security Flaw Affecting Windows Defender
Highlights
  • Microsoft has rolled out security updates
  • The updates patches critical remote execution vulnerability
  • It majorly affects Windows Defender on Windows and Windows Server

Microsoft has rolled out a bunch of security updates to patch a critical remote execution vulnerability that majorly affects Windows Defender on Windows and Windows Server platforms. The issue, listed as CVE2018-0986, exists within Microsoft Malware Protection Engine also impacts Microsoft Security Essentials, Microsoft Forefront EndPoint Protection 2010, Microsoft Exchange Server 2013 and 2016, and Windows Intune Endpoint Protection. Enterprise administrators and end users will not be required to install updates manually as there are built-in tools to automatically deploy the updates within 48 hours of their release.

The new updates aren't a part of Microsoft's monthly security update phase. However, it tightens security across various Windows platforms, including Windows 10 and Windows Server 2012. "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company wrote while describing the vulnerability on its Security TechCenter.

Microsoft points out that there are "many ways" that a specially crafted file can be placed by the attacker. Moreover, it could be delivered via a website, email, or an instant messenger message or even through a site that accepts or host user-provided content.

"If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk," Microsoft notes.

The security updates essentially correct the manner in which the Microsoft Malware Protection Engine scans specially crafted files. Further, the vulnerable Microsoft Malware Protection Engine version 1.1.14600.4 has been updated to version 1.1.14700.5.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Samsung Galaxy S9 Mini Spotted on Geekbench With Snapdragon 660 SoC
PayPal Says Digitised FIRC Process for Ease of Indian Sellers, Freelancers

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment
 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on JioSaavn.com