Windows 10 security: Microsoft patches critical flaw in Windows Defender

Microsoft has rolled out security updates to fix a critical remote code execution flaw affecting Windows Defender and other anti-malware products. The flaw is in the Microsoft Malware Protection Engine, or mpengine.dll, the core of Windows Defender in Windows 10.

“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” warns Microsoft. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Google Project Zero researcher Thomas Dullien, aka Halvar Flake, discovered that attackers can trigger a memory-corruption issue in the engine if they can get Windows Defender or another affected security product to scan a specially crafted file.

Microsoft warns there are many ways an attacker could achieve this, including placing the file on a website, in an email or instant message, on any site that hosts files, or in a shared directory.

Read more about the patched critical flaw in Windows Defender on ZDNet.
