Microsoft Fixes Serious Flaw in Windows Defender

Microsoft has quietly stock-still a serious bug in its Windows Defender antivirus software that allowed hackers to hijack infected PCs.

The vulnerability was institute in the software's malware protection engine, which is designed to regularly scan files for computer viruses. United kingdom of great britain and northern ireland regime discovered that it could actually exist exploited when scanning a "special crafted file," according to Microsoft's security advisory.

SecurityWatch The rigged file will trigger the protection engine to execute code on the Windows system, which could let a hacker install programs, edit files, or create new accounts with full user rights.

Getting the rigged file on to a PC could happen in a number means. Imagine a convincing phishing electronic mail or instant bulletin loaded with the attachment. Victims wouldn't even have to open the file; they would simply need to download it, and let Windows Defender scan information technology.

The threat is particularly serious for PCs that enabled Windows Defender real-time protection, which will scan downloaded files automatically.

Fortunately, Microsoft issued a fix that is automatically rolling out to its Windows Defender and Security Essentials software. Users don't need to install any update.

The United kingdom's National Cyber Security Eye —which defends the state from cyber attacks— discovered the flaw, suggesting that it may have been used in a real hack.

It isn't the starting time time a serious problems has been found in Windows Defender. In May, Google security researchers discovered a remote lawmaking execution flaw with the software that was described as "crazy bad." That bug also worked when the malware protection engine scanned a rigged file. Microsoft quickly issued a prepare.