Most Windows PCs vulnerable to remote attack due to dud Windows Defender

  • 9 May 2017
  • 8 replies

Userlevel 7

You don't even have to open a file: Windows Defender just scans an incoming e-mail.

Sebastian Anthony - 9/5/2017
 
A massive and rather embarrassing remote code execution vulnerability has been discovered in Microsoft's MsMpEng, the malware protection engine used by Windows Defender, Microsoft Security Essentials, Microsoft Forefront, and Microsoft Endpoint in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.
 
The exploit (officially dubbed CVE-2017-0290) allows for a remote attacker to take over a system without any interaction from the system owner: it's simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine—websites, file shares—could be used as an attack vector.
 
Full Article

8 replies

Userlevel 6
Okay, I am so tech challenged it isn't funny.  I have a PC and I get my Microsoft security updates and load them as instructed.  Do I need to do something to fix this or will they be sending an update/patch or...
 
Yikes!!!:S:(
Userlevel 7
Hi gr8auntteffie
 
Hope that you are well?
 
I would say that all of this has nothing to do with whether you are technical or not.
 
If a vulnerability has been identified as to how Windows Defender, etc., operate then one is only potentially vulnerable if one is running Windows Defender, etc...if not then no issue.
 
If however you do run Windows Defender, etc., then there is a possibility that you could be compromised...but it would require a malicious email, of a specific type, to be sent to you...so question is then how likely are all of those things likely to happen to you...not very IMHO.
 
And if you allow Windows Update to do its job automatically, which it sounds like you do, then you should get any associated patch as soon as it can come to you, i.e., once Microsoft have accepted the issue & produced a fix for it.
 
So there is really no more that you can do at present...just like the rest of us.
 
Regards, Baldrick
Userlevel 6
Thank you for the input!  I am doing my daily check and update with my Windows update program as I type!
 
It amazes me that people who have the wherewithal to do such sophisticated things would use that in a negative form...
 
Imagine what they could accomplish if they put that effort into doing something positive!!!
 
Thanks again!
Userlevel 7
Hi gr8auntteffie
 
I agree with the sentiment you have expressed about these miscreants, and have said so openly many a time here and elsewhere.
 
Just a small thought; why do a daily manual check when you can set up Windows Update to check automatically, and also if you want, to update automatically?
 
Regards, Baldrick
Userlevel 6
I am a bit cautious when it comes to automatic updates and such, so I have my system set up to let me know that there are updates available for installation so that I have control over what gets added to my system...
 
Is that a little too OCD?
 
I recently had to update my Google for my cell phone and since doing so my battery gets eaten up in no time at all, telling me that the apps running are consuming a lot of battery juice, which again, gives me pause.
 
Shouldn't I keep a tighter rein on the apps/updates being added to my system and cell?
Userlevel 7
Good afternoon gr8auntteffie
 
Hope that you are well?
 
What you have referred to is a moot point with differing views as to how to proceed. I used to be of the school of thought that mirrors your approach but recently have reverted to having MS download & install updates automatically. Why? Because the scene is a fast moving one and it can only take a day now for something flagged as an issue and patched to be exploited by the miscreants out there.
 
So my view is that adding a delay to an MS update by making a manual decision as to if & when to install adds another layer of risk which is greater than a bad MS Update (there have been those in the past but to be honest not many) and if one has at a minimum created System Restore Points regularly/better still backed up one's system then the risk is even smaller as one can revert to a point prior to the 'bad' update.
 
Just my view on the subject and there is no real 'right' way to go and the only 'wrong' way is to not allow Windows Updates (which in Windows 10 is not possible...just deferment).
 
I cannot comment on the latter point about your cell as I suspect that you are an Android user, and as I use Windows Phone (same policy as Windows Updates on a PC) I have no experience of the options you might have, other than to say that Android is a super insecure mobile OS and therefore patch ASAP would be my motto if I was unfortunate enough to use it. ;)
 
Hope that helps?
 
Regards, Baldrick
Userlevel 6
Thank you for your input.  All advice and opinions are welcome as I feel that information is always useful!
 
 
Userlevel 7
You are most welcome, gr8auntteffie, as per always. :D
 
Regards, Baldrick
