Microsoft to Tavis: here's the fix. Any chance we could have a day off?
By Richard Chirgwin 26 Jun 2017 Google Project Zero bug-hunter Tavis Ormandy has alerted the world to yet another way Microsoft's anti-virus tool Windows Defender could be attacked.
Ormandy went public with the bug on Friday after Microsoft shipped its fix. He reported the issue to Redmond on June 9th.
The bug is in the non-sandboxed x86 emulator Windows Defender uses. The apicall instruction runs with system privilege, and Ormandy wrote a fuzzer to check it out.
Full Article.