Friday, 16 November 2018
Latest news
Main » Microsoft Fixes Serious Windows Defender Bug, Update Now

Microsoft Fixes Serious Windows Defender Bug, Update Now

11 May 2017

"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights", wrote Microsoft.

The security flaw was found by researchers working for Google's Project Zero team, in Microsoft anti-malware software such as Windows Defender. Probably nothing. By default, tools that rely on the Microsoft Malware Protection Engine are kept up to date automatically for both Microsoft's business customers and general consumers.

"We believe Microsoft Edge and Bing provide the best and most secure experience on Windows 10 S. Customers are in control of their Windows experience and users who prefer to install apps from outside the Windows Store and modify default settings can choose Windows 10 Pro instead". That's because those updates disabled the EPS filter in Office as a defense-in-depth measure, Microsoft researchers said Tuesday in a blog post. If you have version 1.1.13704.0, you've already got the update.

Coach's Kate Spade Purchase Buys a Bagful of Millennials
Coach CFO Kevin Wills said he expects to realize a run rate of about $50 million within three years of the deal's closing. Kate Spade & Co shares rose $1.45 (+8.54%) in premarket trading Monday.

However, on the contrary, even if Microsoft doesn't allow a UWP version of Chrome, this is not a substantial matter of concern for Google as they weren't interested in that in the first place. That's one of the big problems with anti-malware software: by trying to protect the system from every angle, they also expose their own vast attack surface.

At a high level, a staggering 57 common vulnerabilities and exposures (CVEs) have been addressed as part of this month's Patch Tuesday and is comprised of 16 critical and 41 important updates.

Microsoft has issued an emergency fix for a "crazy bad" security flaw in some versions of Windows. "To exploit the vulnerability, in most situations an unauthenticated attacker would send a specially crafted packet to the SMBv1 server".

Congress Warns US Airlines to Improve Customer Service
Southwest said last week it would upgrade its reservation system and change its cancellation policy to end overbooking altogether. Congress warned United CEO Oscar Munoz that unless things change, the airline will feel the wrath of lawmakers.

Project Zero researchers find security issues and report them to Microsoft to fix within 90 days before Google goes public with the detailed information.

Microsoft quickly fixed the flaw after the duo reported it. The fact that the company didn't want to wait testifies to the severity of the flaw, which had been discovered only Friday by two Google security researchers. Some security professionals criticized Ormandy for announcing the bug discovery on Twitter, while others felt the Tweet was harmless because no technical details were divulged. "After all, customers have reasonable expectations that malware protection technologies should do exactly that - not offer cyber criminals unexpected new attack vectors". "Anything less would smack of negligence".

"The issue exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests". "As this is actively exploited in the wild and attackers can take complete control of the victim system, this should be treated with priority".

Aaron Hernandez Will 'Always Be Guilty,' Says Odin Lloyd's Mother
The suicide stunned his family because it came just days after Hernandez been found not guilty of a 2012 double murder. When Hernandez was arrested in June 2013 for the murder, he had a $41 million National Football League contract.

The vulnerability itself, though, is worth discussing because it once again calls into question whether antivirus software is a good idea.