SecuritySecurity Management

Bug In Microsoft’s Anti-Malware Software Enabled The Execution Of Malware

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Follow on:

The Redmond company has patched the rather embarrassing flaw

Microsoft has rushed to patch a flaw in its Windows anti-malware software that ironically could be exploited to enable malware to be installed on vulnerable computers. 

The bug, which was reported by two researchers from Google#s Project Zero cyber security team, was found to enable files with custom code to be executed when scanned by products in Microsoft’s anti-malware portfolio, which includes Microsoft Security Essentials, Windows Defender, and Microsoft Endpoint Protection. 

From this code injection attack, hackers can gain administrative privileges over a machine running Windows 8, 8,1, 10 and Windows Server 2012. 

“If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file scanned,” Microsoft’s security advisory warned. 

“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.” 

Bug bashing 

hpThe Redmond company rapidly patched the bug in an emergency update, which looks to close the security hole within 48 hours. 

However, the flaw which essentially bypassed the one job the anti-malware software was meant to do, will not have painted Microsoft’s security engineers in a good light. 

“I think and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way,” tweeted Travis Ormandy, one of the security researchers that discovered the bug.

“Vulnerabilities in MsMpEng [the Microsoft malware protection service enabled by default in modern Windows]  are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service,” Ormandy noted on the Project Zero site

While Microsoft can be commended for hurrying out a fix for the bug, which thus far does not look to have been exploited out in the wild, it has been caught with a fairly embarrassing software flaw. 

Nevertheless, bugs are commonplace in even the most robust software, with closed ecosystems like Apple’s macOS suffering from the odd security compromising bug

Are you a security pro? Try our quiz!