Vulnerability found by Google researcher fixed by Microsoft
Google’s researcher Travis Ormandy is after the Microsoft for finding out many anomalies and vulnerability in the Microsoft products especially Windows. Three days ago, he revealed a vulnerability in Windows. he tagged this vulnerability as a crazy bad vulnerability. Now, he is back once again with another flaw in the Microsoft Windows.
There was a flaw in the Malware Protection Engine used by Microsoft. He said, “MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn’t sandboxed. Browsing the list of win32 APIs that the emulator supports, I noticed ntdll!NtControlChannel, an ioctl-like routine that allows emulated code to control the emulator.”
In layman language, he tried to tell that it is compromising your privacy. It is so because an attacker can take the information of local files out through Defender’s scan results. If possible, they can damage the system by executing the code on your computer.
In the previous case, Travis Ormandy disclosed the vulnerability through his Twitter account. But, in this case, he did not choose to disclose the vulnerability on a public platform. He contacted Microsoft personally and this made Microsoft push a new update last week for their users.
This update has fixed the issue. Udi Yavo agreed with Travis Ormandy about the harm of that vulnerability. He also added that it was not as easy as the vulnerability Ormandy found before (zero days). Both Yavo and Ormandy rebuked Microsoft for not running it in the sandbox. They also criticized for including extra and unwanted information so that Engine can make API calls.
Related Blogs:
Windows Task Manager’s Zero-day Vulnerability, Detected by ESET