Security News > 2017 > June > Google researcher uncovers another RCE in Microsoft Malware Protection Engine (Help Net Security)
Google Project Zero researcher Tavis Ormandy has unearthed yet another critical remote code execution vulnerability affecting the Microsoft Malware Protection Engine, which powers a number of the company’s antivirus and antispyware software. Discovered earlier this month with the help of a fuzzer for the Windows Defender component created by Ormandy himself, the vulnerability affects the x86 emulator in Windows Defender, which “runs as SYSTEM, is unsandboxed, is enabled by default and remotely accessible to attackers.” … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/wYnLyYxtgrk/
Related news
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Google claims Big Sleep 'first' AI to spot freshly committed security bug that fuzzing missed (source)
- Germany drafts law to protect researchers who find security flaws (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)