Latest in Gear

Image credit: Drew Angerer via Getty Images

Microsoft just fixed a serious Windows Defender bug

Theoretically, an attacker could take over your PC with an email you haven't even opened yet.
1593 Shares
Share
Tweet
Share
Save

Sponsored Links

Drew Angerer via Getty Images

Over the weekend, Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich tweeted about discovering "the worst Windows remote code exec in recent memory." According to Ormandy, it could work against a default installation and even become "wormable" -- able to replicate itself on a targeted machine and then spread to other computers automatically. Now we know more about what the problem is since, in just two days, Microsoft's Security Response Center and Windows Defender developers were able to come up with a fix that is now available via Windows Update for Windows 7, 8.1, RT and 10 (according to Microsoft, the Control Flow Guard security feature lowers the risk of this attack on 8.1 and 10), as well as other versions that IT professionals may be more familiar with.

As described by the Project Zero team, the problem resided in Microsoft's antimalware protection engine, which is supposed to scan files for issues, but could be tricked into executing code included in an email, on a webpage or in an instant message. Now that it's patched, your Windows computer should download the updated version automatically within the next day or two.

Windows Defender

If you're in a hurry, you can punch the update button and get it manually, likely without a reboot -- just check your Windows Defender settings to make sure it has an engine listed with version 1.1.13704.0 or higher.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1593 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
SpaceX is requesting permission to launch 30,000 more Starlink satellites

SpaceX is requesting permission to launch 30,000 more Starlink satellites

View
'League of Legends: Wild Rift' will land on mobile and consoles in 2020

'League of Legends: Wild Rift' will land on mobile and consoles in 2020

View
Riot celebrates ten years of 'LoL' by finally announcing new games

Riot celebrates ten years of 'LoL' by finally announcing new games

View
Watch Tesla's crash test lab wreck Model 3s to make them safer

Watch Tesla's crash test lab wreck Model 3s to make them safer

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr