Major security vulnerability found in Windows Defender, millions of users at risk – update NOW


Microsoft has been forced to urgently patch a major security flaw in its Windows Defender software that put millions of users at risk from attack.

The flaw was discovered by researchers from Google’s Project Zero security team who are tasked with finding zero day exploits or undiscovered flaws in software and websites.

This particular flaw affected Windows Defender, Microsoft’s own antivirus software which comes preinstalled on Windows 8, 8.1 and Windows 10, as well as Windows Server 2016.

The flaw allowed hackers to infect PCs by sending unsuspecting users a malicious code via email, instant message or via a link to a website.

However, unlike many viruses, users did not need to click the link in order for the virus to be executed.

Instead, Windows Defender, which is ordinarily meant to protect against viruses was actually responsible for triggering the attack.

When Windows Defender launches its routine virus scan on the incoming email or IM, this scan actually triggers the virus to infect the machine.

Posting on Twitter, researcher Tavis Ormandy described the seriousness of the flaw as “the worst Windows remote code exec in recent memory” adding it was “crazy bad”.

Ormandy released a report detailing his findings.

Microsoft was quick to respond to the issue and has since released a patch.

However, users who do not have automatic updates enabled may still be at risk.

The advice to users is to make sure they have the latest security updates installed.

H/T: Arstechnica


Comments are closed.