By now, it’s obvious that Microsoft is pushing hard to make Windows Defender the standard, go-to security solution for Windows 10. It would seem that it’s quite a long way from that still as yet another critical flaw has been found in Windows Defender. The issue was brought to light by Tavis Ormandy, a security engineer for Google.
Google Project Zero
Tavis works at Google under the Project Zero initiative, a task force of sorts which aims to find critical problems within released software. Upon finding critical issues with the software, the software developer/vendor is contacted and asked to fix the problem.
After that, Project Zero gives the vendor 90 days to fix the problem. If a patch is not released in this time period, Google’s task force will take matters into its own hands and make the issue public, in service of the vendor’s customers which need to be informed about the major problem or problems found within the software they pay for.
Already on the job
There was no need for the second part of the initiative to take place this time as Microsoft already released a patch for the security vulnerability.
As for the actual vulnerability, the x86 emulator for Windows Defender was un-sandboxed. This might have impacted it negatively. The emulator was also affected by a bug. Ormandy contacted Microsoft directly to inquire about their decision of exposing the apicall instruction. Here is what the Windows maker had to say in response to Tavis Ormandy:
“I discussed Microsoft’s ‘apicall’ instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if this was intentionally exposed, and they replied ‘The apicall instruction is exposed for multiple reasons’, so this is intentional”
Windows Defender update
The problem has been already patched, as previously mentioned, but users still need to apply said patch. For those trying to figure out whether or not they have the latest patch which contains the fix, that patch updates the Malware Protection Engine to version 1.1.139.03.0. The current version installed on a PC can be checked in the Windows Defender section in Windows, which is under Update & Security.
RELATED STORIES TO CHECK OUT:
- Microsoft fixes another severe vulnerability in Windows Defender
- Microsoft fixes a Windows Defender remote code execution vulnerability
- Microsoft fixes nasty Windows Defender bug in Windows 10 Redstone 3