HomeWinBuzzer NewsMicrosoft Silently Patches Another Flaw in Windows Defender

Microsoft Silently Patches Another Flaw in Windows Defender

The company has fixed a critical vulnerability which would allow apps executed in the MsMpEng engine’s emulator to control the emulator and achieve several kinds of mischief.

-

's Project Zero researcher Tavis Ormandy discovered the new flaw and now has patched it. Ormandy is the researcher that uncovered a ‘crazy-bad' vulnerability in the Windows Defender three weeks ago, again in MsMpEng.

In his report, Ormandy explains that this new vulnerability would allow hackers to take control of the MsMpEng engine's emulator and achieve all kinds of wrongdoing. The MsMpEng is the anti-malware portion of Windows Defender.

For example, hackers would have been able to execute remote code when the would scan an executable sent by email.

According to Ormandy, the MsMpEng includes “a full system x86 emulator that is used to execute any untrusted files that look like PE executables.

A silent Windows Defender fix

Contrary to how he handled the previous flaw, this time Ormandy privately disclosed the vulnerability to Microsoft. Back on May 9th, the researcher posted the vulnerability on Twitter and received heavy criticism for not notifying Microsoft.

The company released a security advisory for the previous flaw and then started rolling out an automatic update to MsMpEng. However, this time Microsoft managed to patch the flaw silently.

According to Ormandy's report, he informed Microsoft about this new vulnerability on May 12th. In 17 days the company managed to solve the problem and patch the flaw.

Apparently, Google's bid to encourage rapid fixes has proved to be a success. The Project Zero team promises to publish flaws ninety days after the developer is notified.

Kostas Papanikolaou
Kostas Papanikolaou
Kostas is a former sports journalist and an amateur gamer. Combining his love for technology with his writing experience, he enjoys covering news about Microsoft. Being an artistic “soul”, he is also writing poems and short stories.

Recent News