Microsoft Windows Defender vulnerability | the open source code was actually modified

Security researchers recently discovered a remote code execution vulnerability in Windows Defender, found through Microsoft's own open source archiving tool. An attacker can use this vulnerability to execute code remotely on a computer, and even to carry out file download operations on their own.

According to the security researchers, the attack only requires that a specially crafted .rar file be downloaded while the scanning function of the anti-malware engine is turned on. In many cases the file download happens automatically. When the anti-malware engine scans this file, a memory corruption error occurs, which allows malicious code to execute and the attacker to take further control of the computer.

Google security officer Halvar Flake discovered this bug and reported it to Microsoft. However, users do not have to worry too much: in the latest versions of the Microsoft Malware Protection Engine for Windows Defender, Security Essentials, Exchange Server, Forefront Endpoint Protection, and Intune Endpoint Protection, the bug, CVE-2018-0986, has been fixed, and users can update their devices.
