One of the most basic rules for keeping your online accounts or your computer from being hacked is to not open dubious emails or click on suspicious links. But a flaw that Google Project Zero researchers recently found in the Microsoft Malware Protection Engine, the scanning engine behind Windows Defender and Microsoft's other antimalware products, is a different beast entirely: it requires no action from the victim at all.
Ars Technica reports that Tavis Ormandy and Natalie Silvanovich discovered that an attacker could take over an entire system simply by sending an email or message to a device running Microsoft's default malware protection. The victim does not have to open the email or click any link, because the engine scans incoming files automatically, and the damage is done the moment it scans the malicious one.
“The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” Microsoft said in an announcement. “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.”
The researchers called the finding “the worst Windows remote code exec in recent memory,” saying that attacks of this nature “work against a default install, don’t need to be on the same LAN, and it’s wormable,” meaning that a single exploit could spread from one machine to the next on its own, with no one having to click anything.
Microsoft quickly responds
Initially, many security experts expected that Microsoft would need several weeks to produce a patch. Instead, the company surprised nearly everyone by pushing a fix out Monday night.
Microsoft said it had not observed any exploitation of the vulnerability in the wild and that the update closes the hole. Because the fix is delivered through the engine's normal automatic update channel, most devices receive it without any user action, but users should still verify that their device has actually picked it up.
The flaw lies in the engine rather than in any one version of Windows, so it affects a wide range of releases, including Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows 10.
Microsoft advises all users to verify that they are running version 1.1.13704.0 or later of the Microsoft Malware Protection Engine. It also recommends that Microsoft antimalware products be set to download and install definition updates automatically, since that is the channel through which the engine update arrives.
What to do
Below are instructions for verifying that the patched engine version is installed on your device. Note that the number to check is the “Engine Version,” not the version of the Windows Defender application itself:
For those running Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2:
- Click on the “Help” button and then “About Windows Defender”
- Look for the “Engine Version” number and ensure that it is version 1.1.13704.0 or later.
For those running Windows 8:
- Open your Start menu, type in “Windows Defender,” and open the associated program.
- Select the “Update” tab, click on “Help,” and then click “About.”
- Look for the “Engine Version” number and ensure that it is version 1.1.13704.0 or later.
For those running Windows 10:
- Type “Windows Defender” into the Cortana search box and open the associated program.
- Click on the “Settings” icon and then the “About” tab.
- Under “System Information” look for the “Engine Version” number and ensure that it is version 1.1.13704.0 or later.
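For readers who would rather script the check than click through the UI, here is an added example in PowerShell. It is not part of the original article and is not Microsoft's own guidance. It assumes the Defender PowerShell module that ships with Windows 8.1/10 and Server 2012 R2/2016 (Get-MpComputerStatus, Update-MpSignature); on older systems it falls back to the EngineVersion value the engine writes to the registry. The two registry paths and the MpCmdRun.exe locations are assumptions that should be confirmed against the product actually installed.

```powershell
# Added example (not from the original article or from Microsoft): compares the
# installed Microsoft Malware Protection Engine version with the fixed release
# 1.1.13704.0 and requests an immediate definition/engine update if it is older.
$FixedEngine = [version]'1.1.13704.0'

function Get-MpEngineVersion {
    # Preferred path: the Defender module reports the running engine version
    # as a dotted string such as "1.1.13704.0", which casts to [version].
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        return [version](Get-MpComputerStatus).AMEngineVersion
    }
    # Fallback for Windows 7 / Security Essentials: read the EngineVersion the
    # engine records under its Signature Updates key. Both paths are assumptions
    # for this example; verify them on the product you are checking.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates',
        'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    )
    foreach ($k in $keys) {
        $v = (Get-ItemProperty -Path $k -Name EngineVersion -ErrorAction SilentlyContinue).EngineVersion
        if ($v) { return [version]$v }
    }
    throw 'Could not determine the Microsoft Malware Protection Engine version.'
}

function Invoke-MpEngineUpdate {
    # Pull the latest engine/definitions now instead of waiting for the
    # scheduled check. Requires an elevated prompt.
    if (Get-Command Update-MpSignature -ErrorAction SilentlyContinue) {
        Update-MpSignature
        return
    }
    # Older Defender and Security Essentials expose the same action through
    # MpCmdRun.exe; the install locations below are assumptions for this example.
    $candidates = @(
        "$env:ProgramFiles\Windows Defender\MpCmdRun.exe",
        "$env:ProgramFiles\Microsoft Security Client\MpCmdRun.exe"
    )
    foreach ($exe in $candidates) {
        if (Test-Path $exe) { & $exe -SignatureUpdate; return }
    }
    throw 'No update mechanism found; update definitions from the product UI.'
}

$current = Get-MpEngineVersion
if ($current -ge $FixedEngine) {
    Write-Output "Engine $current is at or above $FixedEngine: patched."
} else {
    Write-Warning "Engine $current is older than $FixedEngine: still vulnerable."
    Invoke-MpEngineUpdate
    $after = Get-MpEngineVersion
    if ($after -ge $FixedEngine) {
        Write-Output "Engine updated to $after: patched."
    } else {
        Write-Warning "Engine still at $after; check that definition updates are enabled and retry."
    }
}
```

The [version] cast matters: comparing the strings directly would sort "1.1.9xxx" above "1.1.13704.0", so always compare as version objects. Run the script from an elevated PowerShell prompt so the update step can actually apply.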
For more information on the vulnerability and what consumers can do, see Microsoft’s security advisory for the Malware Protection Engine update.