Microsoft Patched Security Gap in 48 Hours
A serious vulnerability was recently found in Microsoft’s malware detection engine, allowing specially crafted files to execute code when the engine scanned them. This engine is used in Windows Defender, as well as six additional Microsoft security solutions for both home and business users. According to PC World, the list of affected security solutions included:
- Microsoft Security Essentials
- Microsoft System Center Endpoint Protection
- Windows Defender
- Microsoft Endpoint Protection
- Windows Intune Endpoint Protection
- Microsoft Forefront Security for SharePoint Service Pack 3
- Microsoft Forefront Endpoint Protection 2010
The vulnerability left the door open for attackers to plant malware on systems running any of these products. The security gap was found on Saturday, May 6th, and within two days Microsoft had it patched. That out-of-band response alone signals how serious the vulnerability was, considering Microsoft typically holds security updates and patch management until the second Tuesday of the month.
The security vulnerability was discovered by two Google Project Zero researchers, Tavis Ormandy and Natalie Silvanovich. Ormandy called the security hole “crazy bad” and likely “…the worst Windows remote code execution in recent memory.”
What makes this particular vulnerability so dangerous is that the mere presence of a malicious file on the system was enough to trigger infection. Users did not need to click on attachments, open emails, or download a particular file; the file simply had to be scanned, which is quite alarming considering seven different security solutions were impacted.
Are You Impacted?
If you use any of the security solutions listed above, the likelihood of your PC being infected is far higher if you were running them with “real-time” protection. This is because files are scanned for malicious content as they arrive, rather than on a recurring schedule. If such a crafted file landed on your PC, real-time scanning would have processed it immediately, and the security gap would have allowed it to run.
PC World also states,
“Users should check that the Microsoft Malware Protection Engine version used in their products is 1.1.10701.0 or later. Propagation of the fix to products that are configured for automatic updates can take up to 48 hours, but users can also trigger a manual update.”
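As an added example (not from the article or PC World), the following PowerShell check compares the local engine version against the fixed build quoted above and triggers the manual update if the machine is still behind; it assumes the Windows Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature) is available, and the $FixedEngine value is taken from the article.

```powershell
# Added example, not from the article: verify the Malware Protection Engine
# is at or above the fixed build (1.1.10701.0, as quoted from PC World) and
# pull the update immediately instead of waiting up to 48 hours.
# Assumes the Defender module cmdlets Get-MpComputerStatus / Update-MpSignature.
$FixedEngine = [version]'1.1.10701.0'

function Test-MpEngineFixed {
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [version]$Minimum = $FixedEngine
    )
    # Compare as [version], never as strings: '1.1.9999.0' sorts after
    # '1.1.10701.0' lexically but is the older build.
    return ([version]$EngineVersion -ge $Minimum)
}

$status = Get-MpComputerStatus
$engine = $status.AMEngineVersion

# Real-time protection raised exposure here, since files were scanned on arrival.
Write-Output "Real-time protection enabled: $($status.RealTimeProtectionEnabled)"

if (Test-MpEngineFixed -EngineVersion $engine) {
    Write-Output "Engine $engine is at or above $FixedEngine - fix is in place."
} else {
    Write-Warning "Engine $engine is below $FixedEngine - requesting the update now."
    # Forces an engine/definition update rather than waiting for automatic propagation.
    Update-MpSignature
    $engine = (Get-MpComputerStatus).AMEngineVersion
    if (Test-MpEngineFixed -EngineVersion $engine) {
        Write-Output "Engine now $engine - fix is in place."
    } else {
        Write-Warning "Engine still $engine - check update connectivity and retry."
    }
}
```

Products outside the Defender module (the Forefront and System Center entries in the list above) expose the engine version in their own consoles, so this check covers only hosts where those cmdlets exist.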