Windows Defender Vulnerabilities?

Discussion in 'other security issues & news' started by itman, May 26, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Anyone know anything about this? I just got an e-mail from Microsoft about this:
    I turned on WD's periodic scanning and ran a def. update. Thought that would have updated WD's engine; it didn't.

    It appears the above vulnerabilities are all unpatched.
     
  2. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,872
    Will be patched in a future update in all editions of Windows 10.
     
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Maybe related to the previously announced work from the Google engineer?
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yup: https://twitter.com/taviso/status/868211142530748416

    My engine version is 1.1.13804.0 which is newer than the previous security-related engine update.

    https://bugs.chromium.org/p/project-zero/issues/detail?id=1261
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    It has been patched, but it can be vulnerable again, and it does not change the fact that mpengine is doing something insane. Then again, all AVs run with system privileges, so no surprise there.

     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Thanks folks for the input. My engine ver. is 1.1.13804.0, so it appears that updated when I ran a WD def. update yesterday. The Microsoft TechNet alert was a bit confusing in that it implied it would be corrected with a Win Update.

    I don't use WD but I try to keep it updated since it is the backup AV if for some reason my third party AV malfunctioned.
     
    Last edited: May 27, 2017
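    The check the two posts above are doing by hand (reading the engine version after a definition update) can be scripted. The following PowerShell is an added example, not code from the thread or from Microsoft; it uses the built-in Defender cmdlets and assumes the engine build named in the thread (1.1.13804.0) as the minimum, which should be replaced with the version from the current Microsoft advisory.

    ```powershell
    # Added example: report the Defender engine version, compare it against a
    # minimum build, and refresh definitions if it is older.
    # Assumption: 1.1.13804.0 (the build named in this thread) is the fixed engine;
    # substitute the version from the advisory you are checking against.
    $MinimumEngine = [version]'1.1.13804.0'

    function Get-DefenderEngineState {
        # Get-MpComputerStatus is the built-in Defender cmdlet. AMEngineVersion is
        # the mpengine.dll build, which is separate from the signature version.
        $status = Get-MpComputerStatus
        [pscustomobject]@{
            EngineVersion        = [version]$status.AMEngineVersion
            SignatureVersion     = $status.AntivirusSignatureVersion
            SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
            EngineIsCurrent      = ([version]$status.AMEngineVersion -ge $MinimumEngine)
        }
    }

    $state = Get-DefenderEngineState
    $state | Format-List

    if (-not $state.EngineIsCurrent) {
        Write-Warning "Engine $($state.EngineVersion) is older than $MinimumEngine; pulling a definition update."
        # Engine updates ship inside the definition package, so a signature
        # update (not Windows Update) is what moves AMEngineVersion forward.
        Update-MpSignature
        $after = Get-DefenderEngineState
        "Engine after update: $($after.EngineVersion)"
    }
    ```

    Run it from an elevated prompt so Update-MpSignature can write the new package. When a third-party AV has put Defender into passive mode, Get-MpComputerStatus still reports the installed engine, but the engine only protects anything once Defender is the active product again.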
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    I'm assuming you're planning on never using Chrome, or Windows, or any software that connects to the internet also?

    edit: Just checked, this is part of the same set of exploits that was already fixed. So it's not "another vulnerability fixed" but "this is also one of the vulnerabilities that were previously fixed".

    But then again you get your news from softpedia..?
     
    Last edited: May 31, 2017
  10. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,418
    Location:
    Slovakia
    No other software uses system privileges and tons of scripting, which can be exploited, not even Windows itself. Mpengine is just acting crazy by default (thus the name) as explained in articles.

    I honestly wonder what the hostility against Softpedia is; I have noticed it on several webpages. It is the best webpage to download drivers/software without adware/malware.
    And it is also great in gathering news, other webpages just display news like junk, CNET, Infoworld, etc.
     
    Last edited: May 31, 2017
  11. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    The biggest vulnerability for WD is that it is not effective in detecting true Zero-Day malware. To the best of my knowledge there is not a patch for that...
     
  12. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I just ran a scan and it found something for the first time. I have no idea how it found its way onto my system. I have removed it.

    WindowsDefender_detection_01.JPG WindowsDefender_detection_02.JPG WindowsDefender_detection_03.JPG
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Doubt it's a problem.

    It's detected a Firewall rule for blocking Defender internet communication, and marked it as a threat.

    I'd say you added that manually or you're using some "privacy" program that blocked it.

    Also, this is not the thread to post this in.
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    It seems that it found a firewall rule that it didn't like, so I wouldn't worry too much. I don't know which rule triggered it and their threat encyclopedia doesn't say much either: https://www.microsoft.com/security/.../Entry.aspx?Name=Trojan:Win32/BlockMsav.A!reg

    I see that elapsed beat me to it :)
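    Tracing a detection like the one above back to the rule that caused it can be done with the firewall cmdlets. The script below is an added example, not code from the thread or from Microsoft: it lists every firewall rule whose program path points at a Defender binary and flags the outbound blocks, which are the ones that stop definition updates and cloud lookups. It assumes the default Defender executable names (MsMpEng.exe, MpCmdRun.exe, NisSrv.exe) and that the flagged rule is visible through the NetSecurity module.

    ```powershell
    # Added example: find firewall rules that target Windows Defender binaries so
    # a detection of a "Defender-blocking rule" can be tied to a concrete rule.
    function Get-DefenderFirewallRules {
        # Assumption: default Defender binary names (service, scanner, network inspection).
        $defenderBinaries = @('MsMpEng.exe', 'MpCmdRun.exe', 'NisSrv.exe')

        # The application filter carries the Program path; pipe matches back to
        # their parent rules, then attach the path to each rule for display.
        Get-NetFirewallApplicationFilter |
            Where-Object {
                $program = $_.Program
                $defenderBinaries | Where-Object { $program -like "*\$_" }
            } |
            Get-NetFirewallRule |
            Select-Object DisplayName, Direction, Action, Enabled, Profile,
                @{ Name = 'Program'; Expression = { ($_ | Get-NetFirewallApplicationFilter).Program } }
    }

    $rules = Get-DefenderFirewallRules
    if (-not $rules) {
        'No firewall rules target Defender binaries.'
    } else {
        $rules | Sort-Object Action | Format-Table -AutoSize
        # Outbound blocks are what cut Defender off from updates and cloud lookups.
        $rules | Where-Object { $_.Action -eq 'Block' -and $_.Direction -eq 'Outbound' } |
            ForEach-Object { Write-Warning "Outbound block on Defender: $($_.DisplayName)" }
    }
    ```

    A rule that shows up here with Action Block and a display name you do not recognise is the one to check against whichever "privacy" tool or manual change put it there; removing it with Remove-NetFirewallRule -DisplayName is the fix once you are sure it was not intended.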
     
  15. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I didn't think it was that much of a concern, and the FW rule has been deleted. :) As to which thread to post in, I wasn't sure. Maybe the mods can move it to the appropriate location. ;)
     
  16. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
  17. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Time to turn on WD again .......... and apply another patch :rolleyes:
    https://www.infosecurity-magazine.com/news/microsoft-patches-another-windows/
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I will just be glad when they finish sewing up as many (of these and other) loose ends as they can in whatever time period they end up setting to some final release for a WHOLE (mostly stitched up and functional) unit where an end user can purchase the thing largely fixed.

    This update upgrade extended and regular patching craze is something else. Would like to eventually and finally system up in one single shebang without all this overwriting detail so often.
     
  20. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    Still glad I am not running WD.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    LOL, good one.

    Who knows how many "crazy bad" exploitable bugs are still to be discovered. :thumb:
     
  22. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Does anyone seriously believe that the major third-party AVs don't also have serious bugs and weaknesses? The NSA leaks alone show us that they do. Mind the fall from that high horse.

    Sure, why not mention just a couple, while barely trying to even scratch the surface:

    Avira critical vulnerability allowing an attacker to take over users’ account, putting millions of its users’ account at risk
    https://thehackernews.com/2014/09/avira-vulnerability-puts-users-online.html

    Krapersky vulnerability that is "as bad as it gets"
    http://www.securityweek.com/kaspersky-patches-critical-vulnerability-antivirus-products

    Horrendous Symantec/Norton vulnerabilities
    https://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html

    Serious vulnerability in Trend Micro products
    https://bugs.chromium.org/p/project-zero/issues/detail?id=693&redir=1

    Vulnerability in Avast allows reading of any file simply by having the victim click a link
    https://bugs.chromium.org/p/project-zero/issues/detail?id=679&redir=1

    AVG, McAfee, Krapersky fun...
    http://www.securityweek.com/critical-flaw-found-avg-mcafee-kaspersky-products

    Too much fun to even summarize
    http://www.pcworld.com/article/3096...s-code-hooking-opens-the-door-to-hackers.html

    I'm tired of this, so I won't post more links (though there are many, many others), and won't go into how many third-party products make SSL traffic vulnerable by design.

    So I'll just unnecessarily point out how tremendously awesome I am by saying I'm glad I don't run any of those applications.
     
    Last edited: Jul 7, 2017
  23. ExtremeGamerBR

    ExtremeGamerBR Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    1,351
    @nameless this kind of clarity and knowledge is very, very important. Thank you very much.
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    And it didn't just start recently.

    Exactly why they become obsolete in this camp for a nice long time now.

    There are more efficient alternatives if one is driven to study and then implement those better options.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I didn't see anyone in this thread claiming that other AV's are secure; in fact, that's old news. But what's new is that even Win Defender, which is less complex than most third party AV's, is very leaky. But of course I would still advise people to use AV's, because most people are no security experts, and I'm not sure how big of a threat these AV flaws are for home users.
     