Microsoft Patches Major Security Bug

John Lister's picture

Microsoft has suffered a hugely embarrassing security flaw: a bug in Windows' built-in security software that attackers could take advantage of. But security experts have praised its extremely rapid response.

The bug, spotted by Google's Tavis Ormandy, was in Microsoft's own malware protection tools (including Windows Defender), which are built directly into Windows. Such tools have been so successful that for many users, third-party security tools are no longer necessary.

The problem was specifically with a tool known as MsMpEng (short for Microsoft Malware Protection Engine), which is enabled by default in most versions of Windows and is the main scanning tool for Microsoft's various security applications.

Remote Code Execution Was Possible

In simple terms, a mistake in the way the tool is set up means there's a specific point where MsMpEng will follow a remotely issued order without checking that either the order or the source issuing it is legitimate and authorized. That in turn could allow a hacker remote access to take control of the computer.

It was a particularly worrying bug as it can be activated simply by MsMpEng carrying out a scan: something it's set to do at regular intervals by default.

Google Impressed By Quick Response

It appears it took just two days between Microsoft becoming aware of the problem and having completely patched it with an emergency update for all versions of Windows. This was done outside of the regularly scheduled monthly updates. Ormandy said he had been "blown away" by how quickly Microsoft fixed the problem. (Source: bbc.co.uk)

For most people, the problem will already be fixed and there's no need to take any further action. Those who want to set their minds at rest can check their Windows Defender version by searching "Windows Defender" in the relevant tool, opened by clicking Start and Run in Windows 7, Start in Windows 8.1, or simply using the Cortana search box in Windows 10.

Once Windows Defender is open, click in the top right corner and select "About Windows Defender" or "Settings" to check for the version number. It should be 1.1.13704.0 or later. If it isn't, use either Windows Defender's update menu or the main Windows Update tool to get the latest version. (Source: infoworld.com)
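The same check can be scripted. The PowerShell below is an added example, not part of the original article or any Microsoft tooling; it assumes the version number the article names is the one `Get-MpComputerStatus` reports as `AMEngineVersion`, and the function names `Test-EnginePatched` and `Get-EngineStatus` are made up for illustration.

```powershell
# Added example: compare the installed engine version against the
# fixed version named in the article (1.1.13704.0).
$FixedEngine = [version]'1.1.13704.0'

function Test-EnginePatched {
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [version]$Minimum = $FixedEngine
    )
    # Cast to [version] so each component compares numerically.
    # As plain strings, '1.1.9999.0' would sort after '1.1.13704.0'.
    return ([version]$EngineVersion) -ge $Minimum
}

function Get-EngineStatus {
    # Get-MpComputerStatus ships with the Defender module on
    # Windows 8.1 and Windows 10; it is absent on Windows 7.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        return 'Get-MpComputerStatus is not available; check the version in the About dialog.'
    }
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        # Typical when the Defender service is stopped or disabled.
        return "Could not query Defender: $($_.Exception.Message)"
    }
    $engine = $status.AMEngineVersion
    if (Test-EnginePatched -EngineVersion $engine) {
        return "Engine $engine is at or above $FixedEngine."
    }
    return "Engine $engine is older than $FixedEngine; update via Windows Defender or Windows Update."
}

Get-EngineStatus
```

The numeric cast matters when checking many machines from a script or inventory export, where a plain string comparison would misreport older four-digit builds as patched.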

What's Your Opinion?

Do you use Windows Defender and similar built-in Microsoft tools? Do you have automatic updates switched on? Should Microsoft be embarrassed that its big rival Google spotted such a potentially serious flaw?


Comments

doctordemando's picture

I have adjusted the registry on all 4 of my Windows 10 machines to see the ethernet connection as metered. Why? I live in the country and have very limited bandwidth, 1.3 Mbps with frequent disconnects. Windows update would frequently bog down our internet obtrusively when we wanted to do something else. MS could have easily made Windows 10 more usable:

1. Let us specify active hours up to 16. Currently we only have the option of 12. My schedule is irregular. Sometimes I use my computer at 7AM, sometimes I use it at 11pm. I don't want a 1g update downloaded during those times.

2. Offer more interaction: Window pops up and says 'update is available, do you want to schedule it for 2 AM tonight?' Click 'yes' set a timer to wake up your machine at 2 am and update. Easy. It can go ahead and update on its own if you delay more than 3 times. Also, why does my computer go to sleep when it is supposed to be updating? Kind of ridiculous MS doesn't suspend the sleep timer like WSUoffline does. <---great update fixer btw.

In short, NO I don't have auto update enabled and it is annoying I have to do it all manually. I would otherwise be very happy with Windows security tools.

Also, my wife has Win 10 Pro on her machine and I set it to delay updates. It still would do update checks and update Defender at inopportune times and she would complain about 'computer going slow.'

dbrumley3077's picture

I am using a free anti-virus (Avast) and it says that it has disabled Windows Defender. I am assuming that it did that because of the possibility of a conflict between two anti-virus programs running concurrently.

My update settings are to download updates, but allow me to select which and when to install.

Do you think I should be concerned about the Defender problem?
If so, what action should I take? Thanks for alerting us to this problem.

doctordemando's picture

Avast should work just fine. Sounds like you are using Windows 7 which still gave a measure of update control.

dbrumley3077's picture

Yes, that's correct.

jimain's picture

I don't seem to have access to Windows Defender About or Settings from Windows 10. Should I have faith or is there a way to confirm the version currently running?

doctordemando's picture

Windows Defender should be installed by default on Windows 10. There should be a little shield in the toolbar lower right corner. Hover over it and it should say 'PC: protected.' You may have to click on the little up arrow to 'show hidden icons.' Right click and choose 'open.' Windows Defender window should pop up. It looks just like MSE from previous versions. Click 'help'-->'about' and it should tell you the version number. Defender gets almost daily windows updates.

JeffRL's picture

I have Microsoft Security Essentials running. When I go to Control Panel and click on Windows Defender, it says it's not running and has a clickable link to start it. Doing that does nothing and the spinning wheel just keeps on spinnin'. Will Defender run when MSE is running? Do I need both?

lepitbull's picture

Using Windows Security Essentials (MSE) is fine on its own. It is one of the best. You do not need both and they will not run together. If you do wish to run Windows Defender, go to your MSE settings and unclick the real time scanning, just disable it temporarily and then Windows Defender will run. I do recommend this because you do not need Windows Defender when MSE is working, running and updated regularly. In my opinion I thought MSE was the best. It stopped a "Ransomware" file coming to me and MSE told me this, I was sold. But now with Windows 10 I had a funny problem in installing it. So I use a third party AV, but in a year it will stop and I will go back to MSE, if it allows me to do so...

doctordemando's picture

Windows Defender takes the place of MSE in Windows 10.

Microsoft says: Windows Defender for Windows 8, Windows RT, Windows 8.1, Windows RT 8.1, and Windows 10 provides built-in protection against malware. You can't use Microsoft Security Essentials, but you don't need to—Windows Defender is already included and ready to go.

https://support.microsoft.com/en-us/help/14210/security-essentials-download

lepitbull's picture

Thanks Doc - But I knew that. I found that out when my McAfee stopped then Windows Defender clicked on automatically. Many Users in the forum said they only use Windows Defender, as their only AV in their Windows 10. So the next day my McAfee came back on, I do not know why that happened. But I still speed along. It was nice to know that Windows Defender is always there and waiting for a bought AV glitch.

JeffRL's picture

Thanks for the info. I should have mentioned I'm using Win7. (same reply for the other reply to my post.)