Major Microsoft Windows Defender flaw discovered by Google employee, patch released right away

By: Costea Lestoc

By now, it’s obvious that Microsoft is pushing hard to make Windows Defender the standard, go-to security solution for Windows 10. It would seem that it is still quite a long way from that, as yet another critical flaw has been found in Windows Defender. The issue was brought to light by Tavis Ormandy, a security engineer for Google.

Google Project Zero

Tavis works at Google under the Project Zero initiative, a task force of sorts which aims to find critical problems within released software. Upon finding critical issues with the software, the software developer/vendor is contacted and asked to fix the problem.

After that, Project Zero gives the vendor 90 days to fix the problem. If a patch is not released in this time period, Google’s task force will take matters into its own hands and make the issue public, in service of the vendor’s customers, who need to be informed about the major problem or problems found within the software they pay for.

Already on the job

There was no need for the second part of the initiative to take place this time as Microsoft already released a patch for the security vulnerability.

As for the actual vulnerability, the x86 emulator in Windows Defender was un-sandboxed, which might have impacted it negatively, and the emulator was also affected by a bug. Ormandy contacted Microsoft directly to ask about its decision to expose the apicall instruction. Here is how Tavis Ormandy described the exchange and Microsoft's response:

“I discussed Microsoft’s ‘apicall’ instruction that can invoke a large number of internal emulator apis and is exposed to remote attackers by default in all recent versions of Windows. I asked Microsoft if this was intentionally exposed, and they replied ‘The apicall instruction is exposed for multiple reasons’, so this is intentional”

Windows Defender update

The problem has already been patched, as previously mentioned, but users still need to apply the patch. To check whether the fix is installed: the patch updates the Malware Protection Engine to version 1.1.139.03.0. The engine version currently installed on a PC is shown in the Windows Defender section of Windows, under Update & Security.
