Amazing security bug in Windows Defender

Microsoft has moved quickly to block a security hole in their own anti-virus software, Windows Defender.

We’re used to seeing email or instant messaging used to infect a computer when opening a document in Word or Excel, maybe an email in Outlook. But this is quite different and very worrying.

The bug is in Microsoft’s own antivirus software. The core of Defender is the Microsoft Malware Protection Engine (MMPE), which scans all incoming files and emails.

Researchers found a way to infect a computer via the anti-virus checks themselves.

The automatic scan of an email or file, before you see it, could infect a computer. That’s because of the security bug combined with the fact that anti-virus software has a high level of access to Windows.

Windows Defender is in Windows 7, 8.1, RT and 10 plus Windows Server. The faulty MMPE is the core of all Microsoft’s anti-virus products, including the Forefront and Endpoint products plus the old ‘Security Essentials’.

This security bug has NOT been used publicly, as far as we know. Google researchers found the bug and reported it to Microsoft, which reportedly took only two days to fix it.

What to do

Most people don’t need to do anything. That’s the standard line given out by Microsoft but, as usual, it doesn’t tell the whole story.

Windows Defender is automatically updated if you have the default settings and a regular, unmetered Internet link. According to Microsoft, Defender updates are pushed out over a 48-hour period.

Not everyone is in the same situation.

You might have limited Internet access and turned on the excellent (but somewhat hidden) Metered Connections settings. On a Metered Connection some updates are not downloaded automatically.

Travelers or people in remote places might only link to the Internet briefly (to send/receive mail and some browsing). That might not be long enough for Windows to detect and fully download updates, because it tries to download in the background without slowing your normal Internet use.

If you’re unsure, go to Windows Defender and choose the Update button. That should update both the Defender engine and the anti-virus definitions.

How to make sure

To make sure you’re covered against the particularly nasty Microsoft bug, check the Defender engine version – not the definitions version.

You need engine version 1.1.13704.0 or higher.

If you have that version or higher, and hopefully you will, relax.  If not, run Defender update right away then check again.

In Windows 10, go to Settings | Update | Windows Defender to check.

Windows 8:  Windows Defender | Help | About

Windows 7: Windows Defender | Help | About Windows Defender
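
The same check can be scripted. The PowerShell below is an added example, not something from Microsoft or the original article. It assumes the Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature) is present, which is the case on Windows 8.1, Windows 10 and recent Windows Server but not Windows 7. The function names Test-EngineVersion and Get-EngineState are made up for this example.

```powershell
# Added example: compare the installed Defender engine with the fixed version from the article.
$FixedEngine = [version]'1.1.13704.0'   # minimum engine version named in the article

function Test-EngineVersion {
    param(
        [Parameter(Mandatory)] [string]  $Installed,
        [Parameter(Mandatory)] [version] $Minimum
    )
    # Compare as [version], not as text: as strings, '1.1.9999.0' sorts above '1.1.13704.0'.
    $parsed = $null
    if (-not [version]::TryParse($Installed, [ref]$parsed)) {
        throw "Unrecognised engine version string: '$Installed'"
    }
    return $parsed -ge $Minimum
}

function Get-EngineState {
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        Engine      = $status.AMEngineVersion            # the engine: the value that matters here
        Definitions = $status.AntivirusSignatureVersion  # definitions: shown only for contrast
        Fixed       = Test-EngineVersion -Installed $status.AMEngineVersion -Minimum $FixedEngine
    }
}

$state = Get-EngineState
if (-not $state.Fixed) {
    Write-Warning "Engine $($state.Engine) is older than $FixedEngine; running a Defender update."
    # Assumption: like the Update button described above, this also brings down a pending engine.
    Update-MpSignature
    $state = Get-EngineState   # check again, as the article advises
}

$state | Format-List

if (-not $state.Fixed) {
    Write-Warning 'Still below the fixed engine version. Use an unmetered link and update again.'
}
```

Run it from an elevated PowerShell prompt. An Engine value that cannot be parsed raises an error rather than being treated as up to date.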