Microsoft Patches the "Crazy Bad" Windows Vulnerability



Earlier today we reported that Google Project Zero researchers found a ‘crazy bad’ Windows flaw. Microsoft apparantly took it very serious, as it likely was one of the biggest exploits ever. Right now they are patching Windows. The flaw is inside Windows Defender.
Microsoft's speed in issuing an automatic patch is impressive for a change. The vulnerability in Windows that could allow people to run malicious unauthorized code. The vulnerability located in the malware protection software of Windows, Defender. The vulnerability was discovered by two Google Project Zero employees. They called the vulnerability the worst in a long time, because the vunerability was in the Microsoft's Malware Protection Engine, the software used as the basis for various Windows security programs, including Windows Defender.
Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.
Windows Defender has far-reaching access to the files and processes on your computer. Unauthorized code could be executed via the vulnerability, without the user even having to open say an infected email attachment. Microsoft's malware protection automatically scans all files on the hard disk, including temporary files, which means that receiving an email or viewing a web page would already be enough to infect a computer.
Therefore, Google's security staff were concerned about vulnerability because they could be remotely run and also very easily distributed. This Vulnerability is located in Windows 7, 8, 8.1, RT, 10, and in various business versions of the operating system. The update that Microsoft has released today corrects the issue and will be automatically installed by all users of the affected versions within two days.
Microsoft Surface-laptop costs 1149 euro (updated) - 05/02/2017 06:24 PM
Several renders and images have been spotted on the web showing an unannounced Microsoft Surface-laptop. A Microsoft insider posted the content on Twitter last night. The new laptop will get a 13.5&...
Microsoft Announces Windows 10 S To Take On Google Chromebook - 05/02/2017 03:43 PM
Microsoft has launched Windows 10 S. Windows 10 S is a version of the OS targeted at students of all ages that promises higher performance, better battery life, and tighter security....
Microsoft will separate Edge browser updates from the Windows 10 - 05/02/2017 07:18 AM
Microsoft is expected to unveil Windows 10 Cloud at its #MicrosoftEDU event. The new SKU of the OS will only run apps that are designed for the Windows Store, and it's meant to be a competitor to Chr...
Microsoft to release major Windows 10 updates twice a year - 04/21/2017 07:07 AM
Tick-tock, Microsoft has announced a twice-per-year feature update schedule for Windows 10 like the Creators update. These will now happen in March and November, each year....
Microsoft Explains Why They Did Not Go for Ryzen in Project Scorpio - 04/19/2017 07:21 AM
In a reply to Eurogamer, Microsoft explained as to why the company has not opted an AMD Ryzen CPU for their Project Scorpio. Basically they claim they can achieve their performance targets without Ry...
Senior Member
Posts: 1013
Joined: 2014-07-22

If Google bothered to test Norton's or McAfee's or the others like they test Windows Defender, Lord only knows what they'd find, imo...

Senior Member
Posts: 3114
Joined: 2011-11-24

Senior Member
Posts: 6242
Joined: 2010-08-28
Defender is disabled by default here cuz i run NOD32.
Senior Member
Posts: 4576
Joined: 2012-11-10

If Google bothered to test Norton or McAfee, they'd likely get shut down. I would rather my computer be infected than use those.
Senior Member
Posts: 7005
Joined: 2014-09-27

Such a good idea. At least all the rest of the non-exploitable software you have can now run free

By the way this is a code execution while scanning flaw, that probably exists for a ton of other, worse made, AV.
Senior Member
Posts: 3114
Joined: 2011-11-24

Anyone remember the bitcoin miner in the ESEA client?

Senior Member
Posts: 296
Joined: 2004-08-29
"Microsoft's speed in issuing an automatic patch is impressive for a change."
Guess they didn't want to get scroogled again when the findings would be released by google to hurt --err, inform everybody.
Senior Member
Posts: 623
Joined: 2015-05-19
Thats not entirely clear. Windows Defender in Windows 7 still gets updated, so it may have been caused by a change somewhere down the line, and not been present from day 1. Without testing a large variety of versions, its impossible to know - but also not all that interesting to spend much time on to find out.
Senior Member
Posts: 681
Joined: 2008-03-03
I remove the service and permanently delete the program files for Windows Offender.
Senior Member
Posts: 18347
Joined: 2009-01-06
Good stuff, encouraging to see it was patched so quickly.
Senior Member
Posts: 7005
Joined: 2014-09-27
"There is no problem with my locks since the day I removed them".

Senior Member
Posts: 1822
Joined: 2011-10-09
Is this included in the regular batch of 2nd Tuesday updates? I did those as soon as they became available and I just checked and nothing else is available.
Defender is disabled by my AV but not deleted or removed. Doing that is really stupid in my opinion. Even when it is disabled you still have the ability to use it as a manual backup and that's a good thing.
Senior Member
Posts: 9755
Joined: 2003-05-24
Is this included in the regular batch of 2nd Tuesday updates? I did those as soon as they became available and I just checked and nothing else is available.
Defender is disabled by my AV but not deleted or removed. Doing that is really stupid in my opinion. Even when it is disabled you still have the ability to use it as a manual backup and that's a good thing.
I got the todays updates too, but Defender is disable too by avast, so i not sure either
Member
Posts: 29
Joined: 2015-06-05
Good thing then that I disable Windows Defender.