Microsoft has released a fix for a recently discovered Windows vulnerability. Google’s Project Zero discovered a Windows Defender vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Google’s Project Zero security researchers regularly try to discover vulnerabilities in the company’s own software products, as well as those developed by other firms, such as Microsoft and Apple. The team informs other companies about vulnerabilities present in their software products and allows them 90 days to fix the issue before details are publicly disclosed.
Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.
The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.
The current version of Windows Defender is 1.1.13701.0, and Microsoft is pushing out a new version, 1.1.13704.0, which addresses the vulnerability. If your version of the Microsoft Malware Protection Engine is equal to or greater than 1.1.13704.0, then you are not affected by this vulnerability and do not need to take any further action.
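The version check described above can be scripted. The following PowerShell is an added example, not code from Microsoft or from this article; the inventory rows and computer names are constructed sample data, and the local check assumes the Defender cmdlet `Get-MpComputerStatus` is available on the machine.

```powershell
# Patched engine version as stated in the article.
$FixedEngine = [version]'1.1.13704.0'

function Test-EnginePatched {
    # Returns $true / $false, or $null when the version string cannot be parsed.
    param([string]$EngineVersion)
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return $null   # unknown is reported separately, never counted as patched
    }
    # Compare as [version], not as strings: '1.1.9999.0' sorts after
    # '1.1.13704.0' lexically but is the older engine.
    return ($parsed -ge $FixedEngine)
}

function Get-EngineStatus {
    param([string]$Computer, [string]$EngineVersion)
    $state = Test-EnginePatched -EngineVersion $EngineVersion
    if ($null -eq $state) { $status = 'UNKNOWN' }
    elseif ($state)       { $status = 'PATCHED' }
    else                  { $status = 'VULNERABLE' }
    [pscustomobject]@{ Computer = $Computer; Engine = $EngineVersion; Status = $status }
}

# Constructed inventory (hypothetical computer names), e.g. exported from
# update-management tooling as computer name plus reported engine version.
$inventory = @(
    [pscustomobject]@{ Computer = 'ws-001'; Engine = '1.1.13701.0' }
    [pscustomobject]@{ Computer = 'ws-002'; Engine = '1.1.13704.0' }
    [pscustomobject]@{ Computer = 'ws-003'; Engine = '1.1.9999.0' }
    [pscustomobject]@{ Computer = 'ws-004'; Engine = '' }
)

$inventory |
    ForEach-Object { Get-EngineStatus -Computer $_.Computer -EngineVersion $_.Engine } |
    Format-Table -AutoSize

# Check the local machine when the Defender module is present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $local = (Get-MpComputerStatus).AMEngineVersion
    Get-EngineStatus -Computer $env:COMPUTERNAME -EngineVersion $local | Format-Table -AutoSize
}
```

Machines reported as UNKNOWN or VULNERABLE more than 48 hours after release are the ones whose definition and engine update path needs attention.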