Microsoft Issues Fix For Massive Malware Vulnerability That Affects Most PCs with Windows Defender

[froggyboy604]

A few days after security researchers discovered a massive flaw in Microsoft’s malware protection engine Windows Defender — which is used in almost every recent version of Windows — the company has issued a fix that it believes will keep attackers out.

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich discovered an exploit dubbed CVE-2017-0290 that lets an attacker remotely access any system without any interaction from the user, reports Ars Technica.

All the hacker has to do is send an email or instant message that is scanned by Windows Defender — you don’t have to open it or click anything. Anything else that’s scanned automatically by Windows Defender — like a website — could also be used by attackers.

Read More

This security vulnerability is concerning. It's good MS fixed the vulnerability after Google informed them of the vulnerability.

It is a good idea to scan your Windows computers for viruses, malware, and spyware with an antivirus programs since your Windows computer maybe infected with malware from before MS fix this vulnerability in Windows.

It's crazy that a hacker just needs to send an e-mail, instant message, website and the user does not need to open or click anything to hack a Windows PC. This security problem can be dangerous for Windows users who use Windows Defender, and download a lot of e-mails, instant messages, browse a lot of websites, and download a lot of files.

Linux based operating systems like Debian, Cent OS, and Tails OS can be a better choices if security is very important to you because there are fewer massive malware vulnerability reports for Linux based operating systems.

 

[Demon_Skeith]

So much for their own stuff being pretty good.

 

[froggyboy604]

So much for their own stuff being pretty good.

I don't know many Windows Security savvy users, who know more about computer security, say, "that Windows Defender and Security Essentials are pretty good Antivirus programs."

A lot of users who use Security Essentials and Defender seem to be less tech savvy or lazy people who don't want to spend time finding a better free or paid antivirus program with more features like online shopping and banking protection, sandboxing programs to prevent virus infections, and faster scan times.

Windows Defender/Security Essentials had one of the lowest virus detection rate for newly released viruses in the past couple of years according to a few articles like ( Microsoft Security Essentials last in banking trojan detection test - Myce.com ) I read on virus detection rates among antivirus makers compared to other antivirus software like BitDefender.

Windows Defender and Security Essentials also seem to use a lot of RAM, and CPU resources according to online reviews, and my own experience using it after a clean Windows install, or buying a new computer which came with Windows Defender turned ON.

 

[Demon_Skeith]

Though high on resources, they do work for those who don't want to mess with other AV.

 

[froggyboy604]

Though high on resources, they do work for those who don't want to mess with other AV.

Users who use Windows Defender or Security Essentials may still have to mess with other AV if Windows Defender or Security Essentials fails them like this security vulnerability where you can get infected once Windows Defender automatically scans a infected file, and activates the virus, or a newly release virus did not get detected by Windows Defender because of Windows Defender low virus detection rates compared to other Antivirus like Bitdefender which has higher virus detection rates.