Security Windows Defender Security Vulnerability CVE-2017-0290

eva2000 · May 10, 2017

Woah Microsoft Windows Defender CVE-2017-0290 vulnerability allows remote attackers to take over a system with any system owner interaction !

Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

Microsoft on Monday patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016), just three days after it came to its attention. Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.

The exploit (officially dubbed CVE-2017-0290) allows a remote attacker to take over a system without any interaction from the system owner: it's simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft's malware protection engine—websites, file shares—could be used as an attack vector. Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned that exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.
Click to expand...

To check whether your Windows PC has been updated, head to "Windows Defender settings" and note the Engine version number. 1.1.13704.0 or higher means you've been patched. And now just sit back and wait for the next vulnerability.
Click to expand...

pamamolf · May 11, 2017

I told you that it was out an RCE for all Windows

Also they patch 4 extra related RCE vulnerabilities....

eva2000 · May 11, 2017

At least Microsoft was on top of this with quick patch releases !

pamamolf · May 12, 2017

The one that i had the related info was one of the 4 extra that they patch and was exist for almost 6 months....

Anyway all good now

Log in / Register

Forums

Want to subscribe to topics you're interested in?

Security Windows Defender Security Vulnerability CVE-2017-0290

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

.

Log in / Register

Useful Searches

Want to subscribe to topics you're interested in?

Security Windows Defender Security Vulnerability CVE-2017-0290

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

.