‘Crazy bad’ Windows bug used antivirus to infect computers

Microsoft has started rolling out a fix for the issue

Aatif Sulleyman
Wednesday 10 May 2017 11:41 BST
The bug allowed cyber criminals to view, change, or delete data and create new accounts (REUTERS/Shannon Stapleton)

A recently discovered vulnerability in Windows has been described by security experts as “the worst Windows remote code execution in recent memory.”

It allowed cyber criminals to remotely gain control of a computer running Microsoft’s desktop operating system, without the user actually falling for a scam or doing anything wrong.

The bug, which was discovered by Tavis Ormandy and Natalie Silvanovich, instead targeted the malware protection engine powering Windows Defender.

Attackers were able to hijack a Windows 8, Windows 8.1 or Windows 10 computer by sending a “specially crafted” malicious file to it, via email or instant messenger, for instance.

Rather than protecting users against it, the Microsoft Malware Protection Engine would unintentionally trigger the malware by automatically running a scan on it.

“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” wrote Microsoft in a security advisory.

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Mr Ormandy, a vulnerability researcher at Google’s Project Zero, described the bug as “crazy bad”.

However, he also praised Microsoft for the speed at which it reacted to the discovery.

The company has issued an update, which is automatically rolling out to users.

You can see if your computer has received the update by launching Windows Defender – search for it on the taskbar if you don't know where to locate it – and opening the Settings menu.

The build version of the program should be 1.1.13704.0 or higher.
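
The same check can be done from PowerShell. This is an added example, not code from the article or from Microsoft; it assumes the version quoted above is the engine version that the Defender cmdlet `Get-MpComputerStatus` reports as `AMEngineVersion`, and the function names `Test-EngineVersion` and `Get-EngineStatus` are hypothetical.

```powershell
# Added example: report whether the local malware protection engine is at or
# above the version the article gives as containing the fix.
$FixedVersion = [version]'1.1.13704.0'   # value taken from the article

function Test-EngineVersion {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Reported,
        [version]$Minimum = $FixedVersion
    )
    $parsed = $null
    # TryParse avoids an exception on an empty or malformed string, which is
    # what we pass in when Defender is disabled or not reporting.
    if (-not [version]::TryParse($Reported, [ref]$parsed)) {
        return 'Unknown'
    }
    # [version] compares numerically field by field, so 1.1.9999.0 sorts
    # below 1.1.13704.0; a plain string comparison would get that wrong.
    if ($parsed -ge $Minimum) { 'Updated' } else { 'Outdated' }
}

function Get-EngineStatus {
    try {
        # Get-MpComputerStatus ships with the Defender module on Windows 8.1/10.
        $status = Get-MpComputerStatus -ErrorAction Stop
        $engine = [string]$status.AMEngineVersion
    } catch {
        # Cmdlet missing or service unavailable: report Unknown, not a guess.
        $engine = ''
    }
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        EngineVersion = $engine
        Result        = Test-EngineVersion -Reported $engine
    }
}

Get-EngineStatus | Format-Table -AutoSize
```

A result of `Unknown` means the engine version could not be read, so that machine needs a manual check rather than being counted as updated.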
