Critical Windows security alert, UPDATE your systems immediatly

[_Gea]

There is a bug in Windows Defender that allows an attacker to take ownership of a Windows system by simply reading an email or visit a website without any further action.

Microsoft Security Advisory 4022344
1252 - MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. - project-zero - Monorail

The german IT related newspaper c't called it dramatically with an emergency alert
Dramatische Sicherheitslücke in Virenschutz-Software von Windows geschlossen

 

[DeathFromBelow]

You can download a fix here.

 

[sknight]

I get an error trying to get it installed on my Win 10 Pro system.
Please refrain from any snarky remarks suggesting any alternative OS. -Thanks!
Does anyone have a link to manually download and install this update?

Thanks,

Silver

 

[Chuklr]

I get an error trying to get it installed on my Win 10 Pro system.
Please refrain from any snarky remarks suggesting any alternative OS. -Thanks!
Does anyone have a link to manually download and install this update?

Thanks,

Silver

Open Windows Defender --> Click Help --> Click About: if the Engine Version number is 1.1.13704.0 or higher the update has been applied and you're good to go. If the Engine Version is older then click the Update tab and update the definitions and recheck the Engine Version. Hope this helps.

 

[sknight]

Will try when I get home tonight Chuklr. Thanks for another option. I was actually hoping for a link to download the file directly.
Does anyone know if that exists?

Thanks again,

Silver

 

[Chuklr]

Will try when I get home tonight Chuklr. Thanks for another option. I was actually hoping for a link to download the file directly.
Does anyone know if that exists?

Thanks again,

Silver

The Microsoft Security Advisory 4022344 states, in pertinent part:

...

Advisory FAQ

Is Microsoft releasing a Security Bulletin to address this vulnerability?
No. Microsoft is releasing this informational security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.

Typically, no action is required of enterprise administrators or end users to install this update.

Why is no action required to install this update?
In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.

Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.

How often are the Microsoft Malware Protection Engine and malware definitions updated?
Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.

Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.

How can I install the update?
Refer to the section, Suggested Actions, for details on how to install this update.

...


Suggested Actions

Verify that the update is installed
Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.

For more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.13704.0 or later.

If necessary, install the update

Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.

For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. End users that do not wish to wait can manually update their antimalware software.

For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781.

...

There is no stand alone patch. The patch is accomplished by updating the Windows Defender definitions.

 

[B00nie]

No need to do anything folks. Windows just works (tm).

Haahhahhaa!

 

[Hitti2]

services.msc/windows defender/disable.

 

[muz_j]

services.msc/windows defender/disable.

Correct - disabling Windows Defender is a good move and this vulnerability relies on a java-script based attack.
No scripting = no issue.
My browser disables scripting on any domain by default until I enable it - using the No Script plugin for Firefox.

 

[PliotronX]

Thanks for the info dudes, some of the clients at work have the SCEP so we will be checking some versioning reports in the AM...