Microsoft Patches Defender Antivirus Zero-day Exploited In The Wild
Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.
Zero-days are vulnerabilities actively exploited in the wild before the vendor issues an official patch or bugs that have publicly available proof-of-concept exploits.
The zero-day patched today by Microsoft is being tracked as CVE-2021-1647 and it is a remote code execution (RCE) found in the Malware Protection Engine component (mpengine.dll).
Microsoft says that a proof-of-concept exploit for this zero-day is available, although exploitation might not be possible on most systems or the PoC might fail in some situations.
The last Microsoft Malware Protection Engine version affected by this vulnerability is version 1.1.17600.5. The zero-day was addressed in version 1.1.17700.4.
More details on how to verify the Malware Protection Engine version number are available here. Systems that aren’t affected by this vulnerability should run Microsoft Malware Protection Engine version is 1.1.17700.4 or later.
“Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products,” Microsoft says.
Defender security update installs automatically
Redmond’s advisory also adds that customers don’t need to take any action to install the CVE-2021-1647 security update as it will install automatically on systems running vulnerable Microsoft Defender versions.
“In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine,” Microsoft says.
Microsoft Defender keeps both the Malware Protection Engine (the component used for scanning, detection, and cleaning) and malware definitions automatically up to date for both enterprise deployments as well as end-users.
Usually, Microsoft Malware Protection Engine updates are released once a month or when needed to protect against newly discovered threats while malware definitions are updated three times per day.
Even though Microsoft Defender can check for engine and definition updates several times a day, users can also manually check at any time if they want to immediately install the security update.
Microsoft has not yet released an official patch for a zero-day privilege escalation vulnerability in the Microsoft PSExec utility. The bug received a free micropatch through the 0patch platform last week.
Privacy Ninja provides GUARANTEED quality and results for the following services:
DPO-As-A-Service (Outsourced DPO Subscription)
PDPA Compliance Training
PDPA Compliance Audit
Digital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy
PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit