Secplicity – Security Simplified

Maliciously Crafted Files Can Dork-up Defender

Among today’s more Critical alerts, Microsoft also released a bulletin describing a remote code execution flaw that affects Windows Defender running on Windows 7 and Server 2008 R2.

For those who don’t know, Windows Defender is Microsoft’s free antivirus program. It ships by default with Windows Vista and 7, and is an optional download for older versions of Windows. According to Microsoft, Defender suffers from something they call an “improper pathname” vulnerability. In short, if an attacker can place a maliciously crafted application in a specific location on your Windows computer, she could leverage this flaw to gain full, SYSTEM-level privileges on your machine.

The good news is an attacker needs valid login credentials, and access to your computer, in order to place this malicious application on the system. This significantly mitigates the risk of this flaw, which is why Microsoft only assigns it an Important severity rating. Nonetheless, remote code execution flaws in security products are no laughing matter, even if they take significant privileges to exploit. If you run Windows Defender, I highly recommend you apply Microsoft’s Defender updates as soon as you can.

— Corey Nachreiner, CISSP (@SecAdept)
