Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine.
The vulnerability could have allowed attackers to execute malicious code by luring users to a booby-trapped website or attaching a booby-trapped file to an e-mail or instant message.
A targeted user who had real-time protection turned on wasn’t required to click on the booby-trapped file or take any action other than visiting the malicious website or receiving the malicious e-mail or instant message.
Even when real-time protection was off, malicious files would be executed shortly after a scheduled scan started.
The ease of exploitation was the result of the vulnerable x86 emulator not being protected by a security sandbox and being remotely accessible to attackers by design.
That’s according to Tavis Ormandy, the Google Project Zero researcher who discovered the vulnerability and explained it in a report published Friday.
Ormandy said he identified the flaw almost immediately after developing a fuzzer for the Windows Defender component.
Fuzzing is a software testing technique that locates bugs by subjecting an application to corrupted data and other types of malformed or otherwise unexpected input.