On Sunday, a security hole was found in Microsoft’s Window Defender.
Google Security Team Project Zero found a severe security hatch in Microsoft’s Window Defender.
It was not any small security hole that was detected either. Microsoft’s anti-virus program Windows Defender could self-open malicious code files.
Microsoft quick sorted the problem, and already on Monday, Microsoft rolled out an unplanned security update to Microsoft’s Malware Protection Engine, which is part of Defender.
Should we be impressed by Microsoft’s quick fix on this?
It was a quick fix, but such a serious problem should not be found in any software that has been public for as long as the windows defender has been.
Microsoft remedied the problem so quickly can only be seen as a weakness in the software that was bigger than usual. And on Twitter, Google employee Tavis Ormandy, who was the one that found the security hatch, writes that it was one of the worst things he has ever seen.
The security hole, named CVE-2017-0290, should have enabled hackers to trick the antivirus to open infected files. Which means that the virus protection was the attacker instead. And on top of that, it could also spread to other computers on the same network.
So what do you need to do now?
The update that went out on Monday will be installed automatically and should not require any additional work from the user. Today, most machines at should be updated. But Microsoft has said that it can take up to 48 hours for everyone to automatically got it.
The time difference between the automatic update depends on your internet connection and infrastructure settings, something you can read more about here.
But for those who want to be on the safe side. Make sure you have version 1.1.13704.0 or higher of Windows Defender. If not, you can manually update Window Defender.