Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable (CVE-2017-0290)
A vulnerability has been identified in the malware protection engine (Windows Defender) that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Since Windows Defender is installed by default on all Windows PCs, it leaves many enterprises and users vulnerable to it.
This exploit allows remote attackers to take over the system, without any intervention by the system owner. Attackers could craft an email or an instant message, which when scanned by the vulnerable system, could lead to remotely taking over the system. Anything that can be automatically scanned by Windows Defender e.g. file shares, websites etc. could be used to attack the system. This exploit could also be written as a worm to scan other vulnerable systems and replicate it.
Microsoft has released and pushed an immediate patch against this code execution vulnerability. According to Microsoft, the risk is lower on Windows 10 and Windows 8.1 system because of its security feature to protect against memory corruption on these systems.
You are advised to perform a manual check whether your PC has been updated. To do so, go to “Windows Defender settings” and if the Engine version number is 1.1.13704.0 or higher means the system is patched. For others, you need to act immediately to install the latest updates to avoid being vulnerable to future attacks.