Microsoft Patched “Crazy Bad” Hole in Their Security Solutions

Microsoft Patched Security Gap in 48 Hours

A massive hole was recently found in Microsoft’s malware detection engine, allowing specially crafted files to execute. This engine is used in Windows Defender, as well as six additional Microsoft security solutions for both home and business users. According to PC World, the list of affected security solutions included:

  1. Microsoft Security Essentials
  2. Microsoft System Center Endpoint Protection
  3. Windows Defender
  4. Microsoft Endpoint Protection
  5. Windows Intune Endpoint Protection
  6. Microsoft Forefront Security for SharePoint Service Pack 3
  7. Microsoft Forefront Endpoint Protection 2010

The vulnerability left the door open for hackers to install malware into these various software programs. The security gap was found on Saturday, May 6th, and within two days Microsoft had it patched. This alone has created buzz that the vulnerability must have been quite serious, considering Microsoft typically holds security updates and patches until the second Tuesday of the month.

The security vulnerability was discovered by two Google Project Zero researchers, Tavis Ormandy and Natalie Silvanovich.  Ormandy called the security hole “crazy bad” and likely

“…the worst Windows remote code execution in recent memory.”

The issue with this particular vulnerability is that simply allowing the infected file to exist on your system means you could have been infected. Users therefore do not need to click on attachments, open emails, or download a particular file. The file’s sheer presence is enough to infect, which is quite alarming considering seven different security solutions were impacted.

Are You Impacted?

If you use any of the security solutions listed above, the likelihood of your PC being infected is far higher if you were running them with “real-time” protection enabled. This is because files are scanned for malicious content as they come in, rather than on a recurring schedule. Assuming this maliciously crafted file reached your PC while “real-time” protection was on, the security gap would have allowed it to run.

PC World also states,

“Users should check that the Microsoft Malware Protection Engine version used in their products is 1.1.10701.0 or later. Propagation of the fix to products that are configured for automatic updates can take up to 48 hours, but users can also trigger a manual update.”
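One way to run the engine-version check from the quote above on a Windows Defender host, as an added example rather than code from the article, PC World, or Microsoft. It assumes the Defender PowerShell module (`Get-MpComputerStatus`, `Update-MpSignature`) is available, uses the version number exactly as quoted above, and the function names are hypothetical; the other listed products are not covered by these cmdlets.

```powershell
# Added example: not from the article, PC World, or Microsoft.
# Minimum engine version exactly as quoted in the article above; confirm it
# against Microsoft's advisory for your product before relying on it.
$MinimumEngineVersion = [version]'1.1.10701.0'

function Test-EngineVersion {
    param(
        [string] $Reported,
        [Parameter(Mandatory)] [version] $Minimum
    )
    # Compare as [version], not as strings: as text, '1.1.9999.0' sorts
    # after '1.1.10701.0' and an old engine would be reported as current.
    $parsed = $null
    if (-not [version]::TryParse($Reported, [ref]$parsed)) {
        return $false   # missing or malformed version: treat as not patched
    }
    return $parsed -ge $Minimum
}

function Get-EngineReport {
    # Reads the engine version and real-time protection state from Defender.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        EngineVersion      = $s.AMEngineVersion
        RealTimeProtection = $s.RealTimeProtectionEnabled
        Patched            = Test-EngineVersion -Reported $s.AMEngineVersion `
                                                -Minimum $MinimumEngineVersion
    }
}

$report = Get-EngineReport
if (-not $report.Patched) {
    # The manual update the quote mentions. Assumption: the engine arrives
    # through the same update channel as the definitions.
    Update-MpSignature
    $report = Get-EngineReport
}

$report
if (-not $report.Patched) {
    Write-Warning "Engine $($report.EngineVersion) is older than $MinimumEngineVersion."
}
```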

 
