News

Microsoft shuts down Defender leak discovered by Google again

By admin
Spread the love

Tavis Ormandy, security researcher at Google’s Project Zero, has found another leak in Windows Defender’s underlying anti-malware engine. Microsoft has closed the leak, according to the researcher.

Ormandy reports that he found this vulnerability using a fuzzer in Windows’ Malware Protection Engine, or MsMpEng. Using a fuzzer, a program can be automatically provided with arbitrary data or partially valid inputs. This makes it possible to determine whether the program reacts in an unexpected way, for example by crashing. In this way Ormandy found a heap corruption in an api, which he believes constitutes a ‘powerful incentive for an exploit’. It wouldn’t be difficult to use it.

According to the security researcher, Microsoft has patched the vulnerability, CVE-2017-8558, in version 1.1.13903.0 of the engine. Ormandy has found leaks in Defender twice before, in early and late May. The engine, which forms the basis of Security Essentials and Endpoint Protection in addition to Defender, is equipped with a full x86 emulator, which has no sandbox, is enabled by default and can be accessed remotely by attackers. Based on his current finding, Ormandy suspects that the vulnerable api has never been subjected to fuzzing.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

Exit mobile version