Radeon Adrenalin 2020 Edition Driver Overview
Guru3D Winter 2019 PC Buyer Guide
Corsair QL120 and QL140 RGB fan review
Promo: Windows 10 Pro for $13 With Office 2016 For $33
Corsair Void RGB Elite Wireless Headset review
Team Group PD400 Portable SSD review
AMD Athlon 3000G review
Team Group T-Force Delta Max 1 TB SSD review
Guru3D Rig of the Month - November 2019
ASUS ROG Rampage VI Extreme Encore review
Microsoft Patches the "Crazy Bad" Windows Vulnerability
Earlier today we reported that Google Project Zero researchers found a ‘crazy bad’ Windows flaw. Microsoft apparantly took it very serious, as it likely was one of the biggest exploits ever. Right now they are patching Windows. The flaw is inside Windows Defender.
Microsoft's speed in issuing an automatic patch is impressive for a change. The vulnerability in Windows that could allow people to run malicious unauthorized code. The vulnerability located in the malware protection software of Windows, Defender. The vulnerability was discovered by two Google Project Zero employees. They called the vulnerability the worst in a long time, because the vunerability was in the Microsoft's Malware Protection Engine, the software used as the basis for various Windows security programs, including Windows Defender.
Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.
Windows Defender has far-reaching access to the files and processes on your computer. Unauthorized code could be executed via the vulnerability, without the user even having to open say an infected email attachment. Microsoft's malware protection automatically scans all files on the hard disk, including temporary files, which means that receiving an email or viewing a web page would already be enough to infect a computer.
Therefore, Google's security staff were concerned about vulnerability because they could be remotely run and also very easily distributed. This Vulnerability is located in Windows 7, 8, 8.1, RT, 10, and in various business versions of the operating system. The update that Microsoft has released today corrects the issue and will be automatically installed by all users of the affected versions within two days.
Microsoft Surface-laptop costs 1149 euro (updated) - 05/02/2017 06:24 PM
Several renders and images have been spotted on the web showing an unannounced Microsoft Surface-laptop. A Microsoft insider posted the content on Twitter last night. The new laptop will get a 13.5&...
Microsoft Announces Windows 10 S To Take On Google Chromebook - 05/02/2017 03:43 PM
Microsoft has launched Windows 10 S. Windows 10 S is a version of the OS targeted at students of all ages that promises higher performance, better battery life, and tighter security....
Microsoft will separate Edge browser updates from the Windows 10 - 05/02/2017 07:18 AM
Microsoft is expected to unveil Windows 10 Cloud at its #MicrosoftEDU event. The new SKU of the OS will only run apps that are designed for the Windows Store, and it's meant to be a competitor to Chr...
Microsoft to release major Windows 10 updates twice a year - 04/21/2017 07:07 AM
Tick-tock, Microsoft has announced a twice-per-year feature update schedule for Windows 10 like the Creators update. These will now happen in March and November, each year....
Microsoft Explains Why They Did Not Go for Ryzen in Project Scorpio - 04/19/2017 07:21 AM
In a reply to Eurogamer, Microsoft explained as to why the company has not opted an AMD Ryzen CPU for their Project Scorpio. Basically they claim they can achieve their performance targets without Ry...
waltc3
Senior Member
Posts: 1013
Joined: 2014-07-22
Senior Member
Posts: 1013
Joined: 2014-07-22
#5429826 Posted on: 05/09/2017 03:43 PM
If Google bothered to test Norton's or McAfee's or the others like they test Windows Defender, Lord only knows what they'd find, imo...
It also occurred to me that since they say it dates back to Defender in Windows 7 that it seems to have possibly taken Google years to find this thing...Interesting.
Good thing then that I disable Windows Defender. 
If Google bothered to test Norton's or McAfee's or the others like they test Windows Defender, Lord only knows what they'd find, imo...
It also occurred to me that since they say it dates back to Defender in Windows 7 that it seems to have possibly taken Google years to find this thing...Interesting.
RealNC
Senior Member
Posts: 3114
Joined: 2011-11-24
Senior Member
Posts: 3114
Joined: 2011-11-24
#5429843 Posted on: 05/09/2017 04:30 PM
The flaw is inside Windows Defender.
TheDeeGee
Senior Member
Posts: 6242
Joined: 2010-08-28
Senior Member
Posts: 6242
Joined: 2010-08-28
#5429844 Posted on: 05/09/2017 04:32 PM
Defender is disabled by default here cuz i run NOD32.
Defender is disabled by default here cuz i run NOD32.
schmidtbag
Senior Member
Posts: 4576
Joined: 2012-11-10
Senior Member
Posts: 4576
Joined: 2012-11-10
#5429849 Posted on: 05/09/2017 04:57 PM
If Google bothered to test Norton or McAfee, they'd likely get shut down. I would rather my computer be infected than use those.
If Google bothered to test Norton's or McAfee's or the others like they test Windows Defender, Lord only knows what they'd find, imo... It also occurred to me that since they say it dates back to Defender in Windows 7 that it seems to have possibly taken Google years to find this thing...Interesting.
It also occurred to me that since they say it dates back to Defender in Windows 7 that it seems to have possibly taken Google years to find this thing...Interesting.If Google bothered to test Norton or McAfee, they'd likely get shut down. I would rather my computer be infected than use those.
PrMinisterGR
Senior Member
Posts: 7005
Joined: 2014-09-27
Senior Member
Posts: 7005
Joined: 2014-09-27
#5429869 Posted on: 05/09/2017 06:00 PM
Such a good idea. At least all the rest of the non-exploitable software you have can now run free
By the way this is a code execution while scanning flaw, that probably exists for a ton of other, worse made, AV.
Good thing then that I disable Windows Defender.
Such a good idea. At least all the rest of the non-exploitable software you have can now run free
By the way this is a code execution while scanning flaw, that probably exists for a ton of other, worse made, AV.
RealNC
Senior Member
Posts: 3114
Joined: 2011-11-24
Senior Member
Posts: 3114
Joined: 2011-11-24
#5429897 Posted on: 05/09/2017 07:33 PM
Anyone remember the bitcoin miner in the ESEA client?
Such a good idea. At least all the rest of the non-exploitable software you have can now run free
Anyone remember the bitcoin miner in the ESEA client?
intellimoo
Senior Member
Posts: 296
Joined: 2004-08-29
Senior Member
Posts: 296
Joined: 2004-08-29
#5429908 Posted on: 05/09/2017 07:58 PM
"Microsoft's speed in issuing an automatic patch is impressive for a change."
Guess they didn't want to get scroogled again when the findings would be released by google to hurt --err, inform everybody.
"Microsoft's speed in issuing an automatic patch is impressive for a change."
Guess they didn't want to get scroogled again when the findings would be released by google to hurt --err, inform everybody.
nevcairiel
Senior Member
Posts: 623
Joined: 2015-05-19
Senior Member
Posts: 623
Joined: 2015-05-19
#5429929 Posted on: 05/09/2017 09:08 PM
Thats not entirely clear. Windows Defender in Windows 7 still gets updated, so it may have been caused by a change somewhere down the line, and not been present from day 1. Without testing a large variety of versions, its impossible to know - but also not all that interesting to spend much time on to find out.
It also occurred to me that since they say it dates back to Defender in Windows 7 that it seems to have possibly taken Google years to find this thing...Interesting.
Thats not entirely clear. Windows Defender in Windows 7 still gets updated, so it may have been caused by a change somewhere down the line, and not been present from day 1. Without testing a large variety of versions, its impossible to know - but also not all that interesting to spend much time on to find out.
David Lake
Senior Member
Posts: 681
Joined: 2008-03-03
Senior Member
Posts: 681
Joined: 2008-03-03
#5429971 Posted on: 05/09/2017 11:19 PM
I remove the service and permanently delete the program files for Windows Offender.
I remove the service and permanently delete the program files for Windows Offender.
Redemption80
Senior Member
Posts: 18347
Joined: 2009-01-06
Senior Member
Posts: 18347
Joined: 2009-01-06
#5429976 Posted on: 05/09/2017 11:30 PM
Good stuff, encouraging to see it was patched so quickly.
Good stuff, encouraging to see it was patched so quickly.
PrMinisterGR
Senior Member
Posts: 7005
Joined: 2014-09-27
Senior Member
Posts: 7005
Joined: 2014-09-27
#5429986 Posted on: 05/10/2017 12:08 AM
"There is no problem with my locks since the day I removed them".
I remove the service and permanently delete the program files for Windows Offender.
"There is no problem with my locks since the day I removed them".
Dch48
Senior Member
Posts: 1822
Joined: 2011-10-09
Senior Member
Posts: 1822
Joined: 2011-10-09
#5430051 Posted on: 05/10/2017 05:23 AM
Is this included in the regular batch of 2nd Tuesday updates? I did those as soon as they became available and I just checked and nothing else is available.
Defender is disabled by my AV but not deleted or removed. Doing that is really stupid in my opinion. Even when it is disabled you still have the ability to use it as a manual backup and that's a good thing.
Is this included in the regular batch of 2nd Tuesday updates? I did those as soon as they became available and I just checked and nothing else is available.
Defender is disabled by my AV but not deleted or removed. Doing that is really stupid in my opinion. Even when it is disabled you still have the ability to use it as a manual backup and that's a good thing.
tsunami231
Senior Member
Posts: 9755
Joined: 2003-05-24
Senior Member
Posts: 9755
Joined: 2003-05-24
#5430242 Posted on: 05/10/2017 05:57 PM
Is this included in the regular batch of 2nd Tuesday updates? I did those as soon as they became available and I just checked and nothing else is available.
Defender is disabled by my AV but not deleted or removed. Doing that is really stupid in my opinion. Even when it is disabled you still have the ability to use it as a manual backup and that's a good thing.
I got the todays updates too, but Defender is disable too by avast, so i not sure either
Is this included in the regular batch of 2nd Tuesday updates? I did those as soon as they became available and I just checked and nothing else is available.
Defender is disabled by my AV but not deleted or removed. Doing that is really stupid in my opinion. Even when it is disabled you still have the ability to use it as a manual backup and that's a good thing.
I got the todays updates too, but Defender is disable too by avast, so i not sure either
Click here to post a comment for this news story on the message forum.
Member
Posts: 29
Joined: 2015-06-05
Good thing then that I disable Windows Defender.