by Bill Snyder

Cunning hack attacks built-in Windows anti-malware software

May 10, 2017
Malware, Small and Medium Business, Windows

Quick action by Google and Microsoft appears to have put out the fire. But it’s another reminder that running old versions of Windows can be dangerous.

[Image: Windows Defender. Credit: Microsoft/Rob Schultz/IDG]

Malware attacks rarely have a bright side, but it appears that Microsoft moved very quickly to squash a dangerous hack directed against Windows Defender, the operating system’s built-in security software. Chances are good that if you’re running Windows 10, Microsoft has already patched your computer through its automated update process.

You can easily find out by checking “Windows Defender Settings.” (Simply type that phrase into Cortana and you’ll see the right page to click on.) Take a look at the engine version: If it is 1.1.13704.0 or higher that means you’ve been patched. If you’re running an older version of Windows, it probably has not been patched and you’d better run an anti-virus scan immediately.
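The same check can be scripted. This is an added example, not code from the article or from Microsoft: it assumes the Defender PowerShell cmdlet `Get-MpComputerStatus` and its `AMEngineVersion` property are available, and the function name and sample version strings are made up for illustration.

```powershell
# Added example: compare the Defender engine version with the patched
# build named in the article (1.1.13704.0). Function name is hypothetical.
$PatchedEngine = [version]'1.1.13704.0'

function Test-DefenderEnginePatched {
    param(
        # Optional: a version string (e.g. from an inventory export)
        # to check instead of querying the local machine.
        [string]$EngineVersion
    )

    if (-not $EngineVersion) {
        # The Defender cmdlets are absent on older Windows releases.
        if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
            return [pscustomobject]@{ Engine = $null; Patched = $false
                Note = 'Get-MpComputerStatus is not available on this system' }
        }
        try {
            $EngineVersion = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
        } catch {
            return [pscustomobject]@{ Engine = $null; Patched = $false
                Note = "Defender status query failed: $($_.Exception.Message)" }
        }
    }

    # Parse into System.Version so the comparison is numeric per component;
    # as plain strings, '1.1.9999.0' would sort above '1.1.13704.0'.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return [pscustomobject]@{ Engine = $EngineVersion; Patched = $false
            Note = 'Unparseable engine version' }
    }

    [pscustomobject]@{ Engine = $parsed
        Patched = ($parsed -ge $PatchedEngine); Note = '' }
}

# Check the local machine.
Test-DefenderEnginePatched

# Constructed sample values: one below the fix, the fixed build itself,
# one that a string comparison would misjudge, and one malformed entry.
'1.1.13701.0', '1.1.13704.0', '1.1.9999.0', 'unknown' |
    ForEach-Object { Test-DefenderEnginePatched -EngineVersion $_ }
```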

I know that some security companies and some writers tend to go overboard when a new hack is discovered, but this one was quite serious and rather creepy. It’s creepy because it attacks a computer through the very software intended to protect it.

Unlike a typical piece of malware, this one can get into your machine even if you don’t click on a poisoned link or open a tainted email. If an attacker sends you an email or instant message that is then scanned by Windows Defender, the malware is activated and can be used to take over your PC. It can even become a so-called worm, which means it can spread from one PC to another via a network or the Internet.

The attack was discovered on Friday by researchers at Google, who tweeted that this was “the worst Windows remote code exec in recent memory. This is crazy bad.” Although it can take quite some time to develop a patch, Microsoft moved very quickly and released a fix Monday night. The security bulletin issued by Microsoft said that its team has not seen any public attacks based on the hack.

I know many computer users resent having to upgrade to a new version of Windows, but you need to understand that Microsoft no longer issues security patches for Windows 7 or Windows 8, let alone Vista or XP. That may seem like a way to bully users into upgrading, but it is worth noting that the company let users upgrade from Windows 7 for about a year at no charge.

Unfair or not, that’s Microsoft’s policy. Since the potential consequences of having an unprotected machine are quite serious, it’s worth gritting your teeth and upgrading your system.