A Google engineer recently discovered a Remote Code Execution (RCE) flaw in the Microsoft Malware Protection Engine, and it appears that the software giant began rolling out an emergency update for Windows 10 devices earlier this month to address the vulnerability. Older versions of the Microsoft Malware Protection Engine (MMPE) contain a security flaw that would allow an attacker to take control of the system.
Microsoft has also confirmed that users do not need to take any action to install updates for the Malware Protection Engine, as it detects and deploys updates automatically. The company earlier today confirmed that the patch will apply within 48 hours of release.
Because the vulnerability is in the Malware Protection Engine, services that rely on it, such as Windows Defender and Microsoft Exchange Server 2013/2016, are also affected. The software giant has already documented the bug in an advisory, which informs users that a file must be dropped on the target system in order to exploit the vulnerability.
Unfortunately, typical methods such as email, download links or instant messaging could be used to drop a crafted file on the system. It is worth noting that the vulnerability is triggered when the antivirus scans the malicious file.
“If the affected AntiMalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk,” Microsoft explains.
Microsoft has already deployed the fix, and all supported versions of the Windows 10 operating system are receiving the patch for the Malware Protection Engine vulnerability. The exploit is no longer effective after installing the update.
Make sure that the Microsoft Malware Protection Engine is on version 1.1.14700.5. You can confirm the engine version in Settings -> Update & Security -> Windows Defender Security Center -> Engine Version.
In the old days, Microsoft’s Windows Defender failed the majority of security tests, but the company has improved its antivirus solution a lot, and the latest version in Windows 10 is good enough to block malware and attackers. Microsoft’s Windows Defender is getting better scores in antivirus tests. More and more home users and businesses are switching back to the default protection because they don’t need any third-party security product.
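The same check can be scripted, which helps when more than one machine has to be verified. The following PowerShell is an added example, not code from Microsoft or the advisory; it reads the engine version with the Defender cmdlet `Get-MpComputerStatus`, and the function name `Test-MpEngineVersion` and the decision to treat any engine version later than 1.1.14700.5 as also fixed are assumptions made for this example.

```powershell
# Added example: compare the installed Malware Protection Engine version
# with the fixed version named in the article (1.1.14700.5).
$FixedEngine = [version]'1.1.14700.5'

function Test-MpEngineVersion {
    param(
        # Engine version string, e.g. the AMEngineVersion property.
        [Parameter(Mandatory)] [string] $EngineVersion,
        # Assumption: later engine versions also contain the fix.
        [version] $Minimum = $FixedEngine
    )
    # Parse into [version] so the comparison is numeric per component.
    # A plain string comparison would rank '1.1.9999.0' above '1.1.14700.5'.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return 'Unknown'
    }
    if ($parsed -ge $Minimum) { 'Patched' } else { 'Vulnerable' }
}

# Query the local Defender status (requires the Defender module on Windows).
$status = Get-MpComputerStatus

[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    EngineVersion         = $status.AMEngineVersion
    EngineState           = Test-MpEngineVersion -EngineVersion $status.AMEngineVersion
    # Context from the advisory quote: with real-time protection on, a crafted
    # file is scanned automatically; otherwise at the next scheduled scan.
    RealTimeProtection    = $status.RealTimeProtectionEnabled
    SignaturesLastUpdated = $status.AntivirusSignatureLastUpdated
}
```

A machine that reports `Vulnerable` has not yet received the engine update and should be checked for blocked or failing Defender updates.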
Windows Defender is the number one security product on more than 50 percent of systems, and it makes sense as Windows Defender has indeed improved its performance.
“Our antivirus capabilities are a fantastic solution! With five months of top scores that beat some of our biggest competitors, you can be confident that our solution can protect you from the most advanced threats,” Microsoft said in a blog post last month.