Your computer’s antivirus protection software may have a virus itself: What you can do to protect yourself

|
Microsoft logo outside corporate building
Image Credit: Dreamstime
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.
Advertisement

Microsoft is winning plaudits from the tech security community over its quick response to a surprise vulnerability in Windows Defender.

Read more: Virus, Spyware and Malware Protection Guide

Google security researcher: ‘Kudos’ to Microsoft for ‘amazing’ response

What happens when your antivirus protection gets a virus itself? That’s the question Microsoft reluctantly found itself asking when Google security researcher Tavis Ormandy went public on May 5 with news of a newly discovered exploit in Windows’ built-in antivirus protection.

Calling it “the worst Windows remote code exec in recent memory,” Ormandy and a fellow researcher found that Windows Defender had a vulnerability that let attackers remotely access any system without any user interaction required.

The exploit was so clever that it used one of Windows Defender’s strengths against Microsoft.

By design, Windows Defender will scan all emails, instant messages and websites. But it’s that very virtue that hackers turned into an Achilles’ heel here. For the full technical explanation of what the hackers did, read this Ars Technica briefing.

For the lay person, the takeaway is this: This exploit was particularly dangerous because users didn’t have to click or open anything to be compromised, according to Consumerist. All it took was Windows Defender’s normal propensity to scan to trip them up!

Fortunately, Microsoft acted fast to patch the massive flaw. By May 8, Ormandy tweeted the following:

If you want to be sure you’re all patched up, you want to be certain that the Microsoft Malware Protection Engine version on your system is 1.1.13704.0 or later.

Not sure how to do that? Consumerist recommends you take the following steps:

For Windows Defender for Windows XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2

  • Click Help > About Windows Defender
  • Look for Engine Version number 1.1.13704.0 or higher

For those with Windows 8

  • Press the Windows key to open the Start screen
  • Type “Windows Defender” and click the icon
  • Click the “Update” tab
  • Click Help > About
  • Look for Engine Version number 1.1.9506.0 or later

If you have Windows 10

  • Type “Windows Defender” in the Cortana search box and hit enter
  • Click Settings > Version info
  • Look for see Engine Version number 1.1.13704.0 or higher

Read more: This secret iPhone code unlocks a hidden feature that may come in handy

Shopping online? Here’s how to spot fake retail websites

Advertisement
Theo Thimou About the author: Theo Thimou
Theo is director of content for clark.com. He has co-written 2 books with Clark Howard, including the #1 New York Times bestseller Clark Howard's Living Large in Lean Times.
View More Articles
  • Show Comments Hide Comments