Google researcher pokes new holes in Windows Defender


x86 emulator in anti-malware causes problems again.

Microsoft has rushed to patch a new issue found by Google Project Zero security researcher Tavis Ormandy that could crash its Windows Defender anti-malware software.

Ormandy homed in on the engine's full-system x86 emulator, which runs at the privileged SYSTEM level in Windows, is not sandboxed, and exposes API calls to attacker-supplied input.

Ormandy has found vulnerabilities in the same x86 emulator in the recent past.

This time he wrote a "fuzzer", a piece of code that automatically feeds malformed data to an application, and used it to trigger memory corruption in an API for the Windows virtual file system.

His proof of concept code is able to crash the Microsoft Malware Protection Engine (MsMpEng) service on Windows, allowing for remote code execution.

Ormandy's bug has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2017-8557. It affects the 32-bit and 64-bit versions of Windows Defender in Windows 10, Windows 8.1, Windows 8.1 RT, Windows 7 and Windows Server 2016.

It also affects other Microsoft security products, such as Forefront Endpoint Protection 2010 and Security Essentials.

The bug has been patched in MsMpEng version 1.1.13903.0, which Microsoft has dispatched as an automatic update to Windows Defender.
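Because the fix ships as an engine update rather than a Windows Update package, the practical check for an administrator is whether the local Malware Protection Engine is already at or above the version the article names. The following PowerShell snippet is an added example, not code from the article or from Microsoft; it assumes the built-in Defender module's Get-MpComputerStatus cmdlet is available, and the function name Test-MsMpEngPatched is a hypothetical helper chosen here.

```powershell
# Added example (not part of the original article): report whether the local
# MsMpEng engine version is at or above the one the article says carries the
# fix for CVE-2017-8557. Version 1.1.13903.0 is taken from the article itself.
function Test-MsMpEngPatched {
    param(
        [version] $PatchedVersion = [version]'1.1.13903.0'   # from the article
    )

    # Get-MpComputerStatus is the Defender module cmdlet that exposes, among
    # other fields, the engine version as AMEngineVersion.
    $status = Get-MpComputerStatus
    $engine = [version] $status.AMEngineVersion

    $isPatched = $engine -ge $PatchedVersion
    if ($isPatched) {
        Write-Output "MsMpEng engine $engine is at or above $PatchedVersion (fixed)."
    } else {
        Write-Output "MsMpEng engine $engine is below $PatchedVersion: run Update-MpSignature, then re-check."
    }
    return $isPatched
}

# Hypothetical usage: returns $true when the engine already carries the fix.
Test-MsMpEngPatched
```

Engine updates arrive through the same channel as signature updates, so a machine that reports an older engine usually only needs Update-MpSignature (or the next scheduled definition update) rather than a separate patch. Casting both sides to [version] makes the comparison numeric per component, so 1.1.13903.0 correctly sorts above 1.1.9999.0, which a plain string comparison would get wrong.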
