HomeWinBuzzer NewsUK Spy Agency GCHQ Discovers Severe Windows Defender Vulnerabilties

UK Spy Agency GCHQ Discovers Severe Windows Defender Vulnerabilties

Two bugs in Windows Defender allow an attacker to take complete control of a user's PC by attaching a file to an email or instant message. The details are currently private and Microsoft is working to remedy the issue.

-

has been informed of two major flaws in that could allow complete control of the system. The bugs allow an attacker to create a memory corrupting by forcing the software to scan a specially crafted file.

“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” said Microsoft.

A hacker could deliver the file to via a malicious website, email, or instant message for remote delivery.

A Strange Disclosure

It's a bug that draws parallels to the one 's Project Zero discovered back in May. This time, however, the source of the information is much more surprising. The National Cyber Security Center is a unit of the UK's GCHQ. Though its purpose is to give citizen's and government advice, the GCHQ itself is much shadier.

It's the agency responsible for spying on millions of U.K. citizens, including MPs, as well as human rights organizations abroad. GCHQ could have easily kept the exploit secret or shared it with MI5, but instead chose to disclose it.

In doing so, it ensures a safer for government and everybody using Windows. Microsoft notes that the details of the bugs have not been made public, and will be rolling out automatic updates to take care of the issues.

The bugs, CVE-2017-11937 and CVE-2017-11940, should have remedies within 48 hours.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News