
Microsoft Fixes ‘Crazy Bad’ Zero-Day Windows Defender Vulnerability in Two Days

An exploit in Windows Defender's malware prevention engine has caused considerable concern among security researchers, who labeled it one of the worst zero-day exploits in recent times. Now that the flaw is fixed, more details about it have emerged.


There was a certain amount of panic when Google's Project Zero researchers announced a serious zero-day exploit in Windows this weekend. The project's Tavis Ormandy and Natasha Silvanovich reported “the worst remote code exec in recent memory.”

Of course, the discovery of an exploit by Google also starts a countdown timer. In a bid to encourage rapid fixes, the team promises to publish flaws ninety days after the developer is notified.

There was some concern, then, about Microsoft's ability to patch it in time. Thankfully, the tech giant was able to remedy the issue in just two days. Now that it's fixed, we're privy to a few more details.

Windows Defender Exploit

According to Google, the vulnerability was in Windows Defender, specifically in its anti-malware portion, MsMpEng. The engine could be tricked into executing code from a web page, email, or message. What's more, malware can then be spread to other systems on the local network.

“Vulnerabilities in MsMpEng are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service,” said Ormandy.

MsMpEng runs on a number of platforms, including Windows 10, 8, 8.1 and Windows Server 2016. In the latest versions of Windows 10 and 8.1, the exploit is mitigated somewhat by Control Flow Guard.

However, there's no denying that this is a critical vulnerability. The tagline of “worst remote code exploit in recent memory” may actually fit.

Of course, Microsoft is taking it very seriously and has released a security advisory of its own. It's rolling out an automatic update to the malware protection engine and encourages admins to “follow their established internal processes to ensure that the definition and engine updates are approved in their update management software.”

The patch should apply itself within 48 hours, but if you can't wait then a manual update is possible. If your malware protection engine is version 1.1.13701.0, refer to this knowledgebase article.

Ryan Maskell