This week, as part of its long-standing monthly “Patch Tuesday” regime, Microsoft released security updates to fix more than 80 flaws in its software.
Amongst the critical security vulnerabilities patched by Microsoft was one that – ironically – exploited usage of the company’s own Windows security product, Microsoft Defender Antivirus.
The actively exploited remote code execution flaw (given the technical name of CVE-2021-1647) can be triggered by the mere act of Microsoft Defender attempting to scan a boobytrapped file for malware.
And as Microsoft Defender is always attempting to protect users from malware attacks, that means that a user doesn’t have to be duped into clicking on an executable file or dangerous link to activate the attack.
As soon as Microsoft Defender sees the boobytrapped file on your computer it will try to scan it, get its knickers in a twist, and allow malicious code to run instead.
The good news is that your installation of Microsoft Defender is almost certainly already protected, as it is pretty much constantly updating itself anyway to deal with new malware threats – it’s just that on this occasion the dodgy code that it is arguably protecting you from was written by Microsoft’s own developers!
Version 1.1.17700.4 and later of the Microsoft malware protection engine are said to not be affected by the flaw – so check that you are running the latest version of the Microsoft Defender software, and ensure that it is up-to-date with its malware definitions.
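One way to make that check from a PowerShell prompt, as an added example that is not part of the original article or Microsoft's own code: it reads the engine version from the Defender cmdlet `Get-MpComputerStatus` and compares it numerically with the fixed version quoted above. The helper name `Test-EngineFixed` is hypothetical.

```powershell
# Added example: compare the local Defender engine version with the fixed
# version named in the article (1.1.17700.4).
$FixedEngine = [version]'1.1.17700.4'   # value taken from the article

function Test-EngineFixed {
    # Hypothetical helper: true when the engine is at or above the fixed version.
    param(
        [string]$EngineVersion,
        [version]$Minimum = $FixedEngine
    )
    # Parse as [version] so each field compares numerically. Compared as plain
    # strings, '1.1.9999.0' would wrongly rank above '1.1.17700.4'.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return $false   # empty or unparseable: treat as not confirmed fixed
    }
    return $parsed -ge $Minimum
}

try {
    # Fails if the Defender module is absent or the service is not running,
    # for example where a third-party antivirus product has replaced it.
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Could not query Microsoft Defender: $_"
    return
}

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    EngineVersion    = $status.AMEngineVersion
    EngineFixed      = Test-EngineFixed $status.AMEngineVersion
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    ServiceEnabled   = $status.AMServiceEnabled
}
```

If `EngineFixed` comes back false, `Update-MpSignature` requests an update from the configured source, after which the check can be run again.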