Security News > 2017 > June > Google researcher uncovers another RCE in Microsoft Malware Protection Engine (Help Net Security)

Google researcher uncovers another RCE in Microsoft Malware Protection Engine (Help Net Security)
2017-06-27 19:02

Google Project Zero researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine, which powers a number of the company’s antivirus and antispyware software. Discovered earlier this month with the help of a fuzzer for the Windows Defender component created by Ormandy himself, the vulnerability affects the x86 emulator in Windows Defender, which “runs as SYSTEM, is unsandboxed, is enabled by default and remotely accessible to attackers.” … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/wYnLyYxtgrk/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 256 4320 4678 741 9995
Microsoft 365 50 1369 2819 161 4399