Google researcher pokes new holes in Windows Defender

x86 emulator in anti-malware causes problems again.

Microsoft has rushed to patch a new issue found by Google Project Zero security researcher Tavis Ormandy that could crash its Windows Defender anti-malware software.

Ormandy homed in on the full-system x86 emulator, which runs at the privileged SYSTEM level in Windows, is not sandboxed, and exposes API calls to attackers.

Ormandy has found the x86 emulator vulnerable in the recent past.

This time he was able to write a "fuzzer", a piece of code that automatically sends malformed data to an application, and cause memory corruption in an API for the Windows virtual file system.

His proof-of-concept code is able to crash the Microsoft Malware Protection Engine (MsMpEng) service on Windows, allowing for remote code execution.

Ormandy's bug has been given the Common Vulnerabilities and Exposures identifier CVE-2017-8557. It affects the 32-bit and 64-bit versions of Windows Defender in Windows 10, Windows 8.1, Windows 8.1 RT, Windows 7 and Windows Server 2016.

It is also found in Microsoft security products such as Forefront Endpoint Protection 2010 and Security Essentials.

The bug has been patched in MsMpEng version 1.1.13903.0, which Microsoft has dispatched as an automatic update to Windows Defender.
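To confirm a host has received the fixed engine, the check below compares the installed engine version with 1.1.13903.0. It is an added example, not code from the article or from Microsoft; it assumes the Defender PowerShell module (`Get-MpComputerStatus`) is present, and `Test-MpEnginePatched` is a hypothetical helper name.

```powershell
# Fixed engine version as stated in the article.
$FixedEngine = [version]'1.1.13903.0'

function Test-MpEnginePatched {
    # Hypothetical helper: classifies an engine version string against the fixed build.
    param([string]$EngineVersion)

    $parsed = $null
    # Unparseable or empty strings are reported as Unknown, never as Patched.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) { return 'Unknown' }
    # An all-zero version carries no information about the installed engine.
    if ($parsed -eq [version]'0.0.0.0') { return 'Unknown' }
    # [version] compares numerically, field by field, so 1.1.9000.0 sorts below
    # 1.1.13903.0 (a plain string comparison would get this wrong).
    if ($parsed -ge $FixedEngine) { return 'Patched' }
    return 'Vulnerable'
}

# Constructed sample values, to exercise each branch of the helper.
foreach ($sample in '1.1.13903.0', '1.1.9000.0', '1.1.14000.0', '', '0.0.0.0') {
    [pscustomobject]@{
        EngineVersion = $sample
        State         = Test-MpEnginePatched $sample
    }
}

# Live check on the local host.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        EngineVersion = $status.AMEngineVersion
        State         = Test-MpEnginePatched $status.AMEngineVersion
    }
} catch {
    # Cmdlet missing or the Defender service not answering: report, do not guess.
    Write-Warning "Could not query Defender status: $($_.Exception.Message)"
}
```

Hosts that report `Vulnerable` or `Unknown` are the ones to follow up on, since the fix arrives only through the automatic engine update.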

Copyright © iTnews.com.au. All rights reserved.