Google researcher pokes new holes in Windows Defender

x86 emulator in anti-malware causes problems again.

Microsoft has rushed to patch a new issue found by Google Project Zero security researcher Tavis Ormandy that could crash its Windows Defender anti-malware software.

Ormandy homed in on the full-system x86 emulator, which runs at the privileged SYSTEM level in Windows, is not sandboxed, and exposes API calls to attackers.

Ormandy has found vulnerabilities in the same x86 emulator in the recent past.

This time he wrote a "fuzzer", a piece of code that automatically sends malformed data to an application, and used it to cause memory corruption in an API for the Windows virtual file system.

His proof of concept code is able to crash the Microsoft Malware Protection Engine (MsMpEng) service on Windows, allowing for remote code execution.

Ormandy's bug has been given the Common Vulnerabilities and Exposures (CVE) identifier CVE-2017-8557. It affects 32- and 64-bit versions of Windows Defender in Windows 10, Windows 8.1, Windows 8.1 RT, Windows 7 and Windows Server 2016.

It is also found in Microsoft security products such as Forefront Endpoint Protection 2010 and Security Essentials.

The bug has been patched in MsMpEng version 1.1.13903.0, which Microsoft has dispatched as an automatic update to Windows Defender.
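To check that a host has actually received the fix, the following PowerShell snippet (an added example, not from the article or from Microsoft) compares the engine version reported by the Defender cmdlet Get-MpComputerStatus against the patched build the article names; it assumes the Defender PowerShell module is present on the machine.

```powershell
# Added example: verify the local Microsoft Malware Protection Engine (MsMpEng)
# is at or above the patched build named in the article (1.1.13903.0).
# Assumes the Defender PowerShell module (Get-MpComputerStatus) is available.
$PatchedEngine = [version]'1.1.13903.0'   # fixed MsMpEng version per the article

function Test-MsMpEngPatched {
    param([version]$Minimum = $PatchedEngine)
    $status = Get-MpComputerStatus -ErrorAction Stop
    # Cast to [version]: a plain string comparison would rank '1.1.9' above '1.1.13903.0'.
    $engine = [version]$status.AMEngineVersion
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $engine
        Patched       = ($engine -ge $Minimum)
    }
}

Test-MsMpEngPatched
```

On a fleet, run the function through Invoke-Command and filter on Patched -eq $false to list hosts still exposed.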

Copyright © iTnews.com.au . All rights reserved.