Microsoft rolled out an emergency patch late last week to patch a critical security flaw in the Malware Protection Engine that’s powering the majority of its security products, including the Windows default antivirus Windows Defender.
The vulnerability was discovered by the National Cyber Security Centre (NCSC), which is part of the UK's spy agency GCHQ, as it assesses antivirus solutions following concerns of Kaspersky software involved in cyber-spying operations.
The UK National Cyber Security Center issued a warning in early December to >recommend against using Russian software
>recommend against using Russian software, including Kaspersky, on agency computers, due to the risk of cyber-espionage and Kremlin ties.
“We advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used,” NCSC CEO Ciaran Martin said in the public letter.
Update deployed automatically
While the UK said it was working with Kaspersky on addressing their security concerns, the NSCS probe of Microsoft’s antivirus brought to light a major critical remote code execution bug that would allow an attack to take full control of an unpatched system.
A successful exploit involves a crafted file to be deployed on a vulnerable Windows system to have it scanned by Windows Defender or other Microsoft security product powered by the Malware Protection Engine. The way the vulnerability can be exploited increases risks of attacks in the case of systems with real-time protection turned on, as the malicious files would be scanned as soon as they are deployed on the target computer.
Microsoft, however, says it wasn’t aware of any attacks, and the company worked with the UK spy agency to have this patched silently. The emergency patch is deployed automatically on Windows systems, and Microsoft malware Protection Engine version 1.1.14405.2 and newer is protected against exploits of this vulnerability.
To check the version of the Malware Protection Engine on a Windows 10 computer, you need to launch the Settings app by typing settings in the Start menu and go to Update & security > Windows Defender.
Source : http://news.softpedia.com/news/uk-spy-agency-finds-severe-flaw-in-microsoft-antivirus-in-kaspersky-bye-bye-push-518918.shtml