Mar 19, 2019 | Updated: 10:40 AM EDT

Google Project Zero Discovered Serious ‘Crazy Bad’ Windows Defender Bug, Microsoft Fixes It Right Away

May 10, 2017 02:14 AM EDT

Google project Zero team recently discovered a serious bug regarding Microsoft's Windows Defender.
Microsoft already issued an update to fix the Windows Defender bug two days before the 90-day disclosure started.

Google discovered a bad bug that is stated to put many Microsoft users at risk. The issue was reported to be associated with remote code execution (RCE) vulnerability and the company should fix it right before the 90-day disclosure deadline.

According to Network World, the Google Project Zero team handles issues of current software aside from those made by the company themselves. However, they had recently discovered a serious one in Microsoft’s Windows browser. People then wonder whether the Washington-based company could resolve it right away.

With that said, Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich then tweeted about the bug which they called a “crazy bad” bug. The bug found in Windows browsers was mentioned to be not only an RCE flaw but the “worst Windows remote code exec in recent memory.”

The 90-day disclosure was then identified to be the deadline which the company should patch the issue right away. If the company fails, the issue would be made public to all the concerned users. Ormandy didn’t give away important details about the Microsoft Windows. Yet, he bothered to post another tweet warning users that “Attack works against a default install, don't need to be on the same LAN, and it's wormable.” Wormable in a way that it could spread itself as Engadget reported.

Fortunately, Microsoft responded right away to the discovered bug by Google after two days. Microsoft's Security Response Center and Windows Defender developers came up with an update which is available via Windows Update for Windows 7, 8.1, RT and 10. It was also noted that the Control Flow Guard security feature lowers the risk of this attack on 8.1 and 10.

As Microsoft has already patched the issue, the updated version was mentioned to be automatically downloaded within the next day or two. However, checking each Windows Defender settings manually to make sure the engine is listed with version 1.1.13704.0 or higher was advised to be another option as well.

©2017 All rights reserved. Do not reproduce without permission. The window to the world of science times.
Real Time Analytics