Microsoft Patches The Exploited Defender Antivirus Zero-day
With a new patch update, Microsoft has fixed a zero-day vulnerability in Microsoft Defender Antivirus that hackers exploited before the patch was released.
According to reports, zero-days are vulnerabilities that were actively exploited by hackers before the vendor offered an official patch, or bugs that have publicly available proof-of-concept exploits.
The vulnerability that Microsoft recently patched is tracked as CVE-2021-1647, and it is a remote code execution flaw found in the Malware Protection Engine component.
Proof-Of-Concept Availability
According to Microsoft, a proof-of-concept exploit for this zero-day is available. However, exploitation might not be possible in most cases, or the PoC might fail in some situations.
Reportedly, the last Microsoft Malware Protection Engine version affected by this vulnerability is 1.1.17600.5, and the issue is addressed in the newer version 1.1.17700.4.
To be unaffected by the zero-day vulnerability, systems should run Microsoft Malware Protection Engine version 1.1.17700.4 or later.
As per the company, “Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.”
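One way to carry out that verification on a Windows host, as an added example that is not from Microsoft or the original article: it compares the engine version reported by Get-MpComputerStatus with the fixed version 1.1.17700.4 and flags stale definitions. The function name, the output fields and the one-day staleness limit are assumptions made for illustration.

```powershell
# Added example; thresholds and output field names are assumptions, not Microsoft guidance.
$FixedEngine   = [version]'1.1.17700.4'  # first fixed engine version named in the article
$MaxSigAgeDays = 1                       # assumed staleness limit for definitions

function Test-DefenderPatchState {       # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]   $EngineVersion,
        [Parameter(Mandatory)][datetime] $SignatureLastUpdated,
        [bool]     $ServiceEnabled = $true,
        [datetime] $Now = (Get-Date)
    )
    $findings = @()
    $parsed   = $null
    if (-not $ServiceEnabled) {
        $findings += 'Defender antimalware service is not enabled; engine version is not meaningful.'
    }
    elseif (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        $findings += "Engine version '$EngineVersion' could not be parsed."
    }
    elseif ($parsed -lt $FixedEngine) {
        $findings += "Engine $parsed predates the fixed version $FixedEngine (CVE-2021-1647)."
    }
    # Definitions are checked separately from the engine: both must be current.
    $age = ($Now - $SignatureLastUpdated).TotalDays
    if ($age -gt $MaxSigAgeDays) {
        $findings += ('Definitions were last updated {0:N1} days ago.' -f $age)
    }
    [pscustomobject]@{
        EngineVersion = $EngineVersion
        Patched       = ($null -ne $parsed -and $parsed -ge $FixedEngine)
        Findings      = $findings
    }
}

# Constructed sample: the last affected version from the article, with stale definitions.
Test-DefenderPatchState -EngineVersion '1.1.17600.5' `
    -SignatureLastUpdated (Get-Date).AddDays(-3) | Format-List

# Live check on this host (requires the Defender PowerShell module).
try {
    $s = Get-MpComputerStatus -ErrorAction Stop
    Test-DefenderPatchState -EngineVersion $s.AMEngineVersion `
        -SignatureLastUpdated $s.AntivirusSignatureLastUpdated `
        -ServiceEnabled $s.AMServiceEnabled | Format-List
}
catch {
    Write-Warning "Defender status check failed: $_"
}
```

If the live check reports an engine older than the fixed version, running Update-MpSignature or checking for updates in Windows Security requests the current engine and definitions.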
The Defender Security Update Is Installing Automatically
As per the advisory from Redmond, customers need not take any action to install the CVE-2021-1647 security update, because it is set to install automatically on systems running vulnerable Microsoft Defender versions.
Microsoft says, “In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine.”
The Malware Defender app automatically keeps both the Malware Protection Engine, including the component used for scanning, detection and cleaning, and the malware definitions up to date for all types of users.
In most cases, Malware Protection Engine updates are offered once a month or whenever they are required to protect against newly discovered threats, whereas the malware definitions are updated thrice a day.
Although Microsoft Defender can check for engine and definition updates several times a day, users can still check manually whenever they need to install the security update.
However, Microsoft has not yet released an official patch for a zero-day vulnerability in the Microsoft PSExec utility. The bug did receive a free micropatch through the 0patch platform in the last week of January.