Microsoft has rolled out security updates to fix a critical remote code execution flaw affecting Windows Defender and other anti-malware products. The critical flaw affects the Microsoft Malware Protection Engine, or mpengine.dll, the core of Windows Defender in Windows 10.
“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” warns Microsoft. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Google Project Zero researcher Thomas Dullien, aka Halvar Flake, discovered that attackers can trigger a memory-corruption issue in the engine if they can get Windows Defender and other affected security products to scan a specially crafted file.
Microsoft warns there are many ways an attacker could achieve this, including placing the file on a website, in an email or instant message, on any site that hosts files, or in a shared directory.
Read more about the patched critical flaw in Windows Defender on ZDNet.