Late last week, Google Project Zero team members Tavis Ormandy and Natalie Silvanovich discovered a rather severe code-execution vulnerability in Microsoft’s Windows Defender malware protection software that is bundled into:
- Windows 7
- Windows 8.1
- Windows RT 8.1
- Windows 10
- Windows Server 2016
- Microsoft Endpoint Protection
- Forefront Endpoint Protection
- Intune Endpoint Protection
- System Center Endpoint Protection
- Forefront Security for SharePoint
- Microsoft Security Essentials
The great news is that Microsoft responded immediately to the discovery and had a fix in place by the end of the weekend. They stated they had not seen the vulnerability exploited in the wild, which is good news, since it would let an attacker take control of any system running Windows Defender just by sending an email or instant message. The danger of this vulnerability is that the end user does not need to click anything; simply receiving the malicious content is enough to infect the system.
From Microsoft, “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.” This means hackers could quickly access one device after another.
The issue stems from an oversight in a privileged kernel program that allows an attacker to achieve remote code execution. And because the vulnerable component is MsMpEng, which runs at the highest privilege level, its unsandboxed JavaScript interpreter, nscript, running on the kernel, can be exploited with only a couple of lines of JavaScript.
Vulnerabilities like this are important reminders of the critical nature of patching. IT departments know the risks of not being patched, but it’s not always a top priority for leadership and thus, it often ends up being overlooked or put off. With new automated cloud patch management solutions available, addressing known vulnerabilities can be done in a matter of minutes.
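Because the fix for this bug shipped as an engine update rather than a traditional patch, the practical check for an IT team is whether the Malware Protection Engine on each host has reached the fixed version. The PowerShell below is an added example, not code from the original post or from Automox; it uses the built-in Defender cmdlets `Get-MpComputerStatus` and `Update-MpSignature`, and the minimum engine version is a placeholder that must be replaced with the value from Microsoft's advisory, since this post does not state it.

```powershell
# Added example (not from the original post): report the Microsoft Malware
# Protection Engine version on this host and compare it with the version that
# carries the fix. Requires the Defender PowerShell module (Windows 8.1+/Server 2012 R2+).

# PLACEHOLDER: replace with the fixed engine version given in Microsoft's advisory.
$MinimumEngineVersion = [version]'0.0.0.0'

function Test-MpEngineVersion {
    param(
        [Parameter(Mandatory)][version]$Minimum
    )
    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        EngineVersion    = $engine
        SignatureVersion = $status.AntivirusSignatureVersion
        LastUpdated      = $status.AntivirusSignatureLastUpdated
        Patched          = ($engine -ge $Minimum)
    }
}

$result = Test-MpEngineVersion -Minimum $MinimumEngineVersion
$result | Format-List

if (-not $result.Patched) {
    # Engine updates are delivered through the same channel as definition
    # updates, so requesting new definitions also pulls the updated engine.
    Write-Warning "Engine $($result.EngineVersion) is below $MinimumEngineVersion; requesting a definition/engine update."
    Update-MpSignature
    $after = Test-MpEngineVersion -Minimum $MinimumEngineVersion
    Write-Output "Engine after update: $($after.EngineVersion) (patched: $($after.Patched))"
}
```

Run it in an elevated PowerShell session; wrap the call in `Invoke-Command -ComputerName` to collect the same report from a list of hosts, and treat any host whose `Patched` field stays `False` after the update as one whose engine updates are being blocked (for example by a proxy or WSUS approval) and needs manual attention.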
Automox’s cloud-native patch management solution ensures that as new vulnerabilities are identified, they can be patched immediately. Our intuitive SaaS platform also means there are no new servers to manage or complicated training.
Most IT departments would like to automate OS and software patch remediation. Whether you're looking for set-it-and-forget-it simplicity or already have a patch testing workflow, Automox is designed to complement your process.
Automox is simple, fast, and intuitive. From your dashboard, you can patch Windows, Mac OS X, and Linux with the push of a button. Automox also handles patching of third-party and custom software, and it does all of this on workstations and servers anywhere in the world.
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.