Your computer’s antivirus protection software may have a virus itself: What you can do to protect yourself

Written by |
Advertisement

Microsoft is winning plaudits from the tech security community over its quick response to a surprise vulnerability in Windows Defender.

Read more: Virus, Spyware and Malware Protection Guide

Google security researcher: ‘Kudos’ to Microsoft for ‘amazing’ response

What happens when your antivirus protection gets a virus itself? That’s the question Microsoft reluctantly found itself asking when Google security researcher Tavis Ormandy went public on May 5 with news of a newly discovered exploit in Windows’ built-in antivirus protection.

Calling it “the worst Windows remote code exec in recent memory,” Ormandy and a fellow researcher found that Windows Defender had a vulnerability that let attackers remotely access any system without any user interaction required.

The exploit was so clever that it used one of Windows Defender’s strengths against Microsoft.

By design, Windows Defender will scan all emails, instant messages and websites. But it’s that very virtue that hackers turned into an Achilles’ heel here. For the full technical explanation of what the hackers did, read this Ars Technica briefing.

For the lay person, the takeaway is this: This exploit was particularly dangerous because users didn’t have to click or open anything to be compromised, according to Consumerist. All it took was Windows Defender’s normal propensity to scan to trip them up!

Fortunately, Microsoft acted fast to patch the massive flaw. By May 8, Ormandy tweeted the following:

If you want to be sure you’re all patched up, you want to be certain that the Microsoft Malware Protection Engine version on your system is 1.1.13704.0 or later.

Advertisement

Not sure how to do that? Consumerist recommends you take the following steps:

For Windows Defender for Windows XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2

  • Click Help > About Windows Defender
  • Look for Engine Version number 1.1.13704.0 or higher

For those with Windows 8

  • Press the Windows key to open the Start screen
  • Type “Windows Defender” and click the icon
  • Click the “Update” tab
  • Click Help > About
  • Look for Engine Version number 1.1.9506.0 or later

If you have Windows 10

  • Type “Windows Defender” in the Cortana search box and hit enter
  • Click Settings > Version info
  • Look for see Engine Version number 1.1.13704.0 or higher

Read more: This secret iPhone code unlocks a hidden feature that may come in handy

Shopping online? Here’s how to spot fake retail websites

Advertisement