Microsoft Fixes Critical Windows 10 Security Flaw Affecting Windows Defender

Microsoft Fixes Critical Windows 10 Security Flaw Affecting Windows Defender
Highlights
  • Microsoft has rolled out security updates
  • The updates patches critical remote execution vulnerability
  • It majorly affects Windows Defender on Windows and Windows Server
Advertisement

Microsoft has rolled out a bunch of security updates to patch a critical remote execution vulnerability that majorly affects Windows Defender on Windows and Windows Server platforms. The issue, listed as CVE2018-0986, exists within Microsoft Malware Protection Engine also impacts Microsoft Security Essentials, Microsoft Forefront EndPoint Protection 2010, Microsoft Exchange Server 2013 and 2016, and Windows Intune Endpoint Protection. Enterprise administrators and end users will not be required to install updates manually as there are built-in tools to automatically deploy the updates within 48 hours of their release.

The new updates aren't a part of Microsoft's monthly security update phase. However, it tightens security across various Windows platforms, including Windows 10 and Windows Server 2012. "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company wrote while describing the vulnerability on its Security TechCenter.

Microsoft points out that there are "many ways" that a specially crafted file can be placed by the attacker. Moreover, it could be delivered via a website, email, or an instant messenger message or even through a site that accepts or host user-provided content.

"If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk," Microsoft notes.

The security updates essentially correct the manner in which the Microsoft Malware Protection Engine scans specially crafted files. Further, the vulnerable Microsoft Malware Protection Engine version 1.1.14600.4 has been updated to version 1.1.14700.5.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Samsung Galaxy S9 Mini Spotted on Geekbench With Snapdragon 660 SoC
PayPal Says Digitised FIRC Process for Ease of Indian Sellers, Freelancers
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us

Advertisement

© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »