Microsoft rushes emergency fix for critical antivirus bug

 

Microsoft's security team fixed a type confusion flaw in its malware engine that affects practically all of its security products

The point of antivirus is to keep malware off the system. A particularly nasty software flaw in Microsoft’s antivirus engine could do the exact opposite and let attackers install malware on vulnerable systems.

The critical security vulnerability in the Microsoft Malware Protection Engine affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012.

Prease to read more here:

http://www.infoworld.com/article/3194763/endpoint-protection...

http://www.tomshardware.com/news/microsoft-windows-malware-p...

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

.

I've always used another AV, and never Defender.

I never realised how maintenance-intensive Windows was, until I started using Linux. It's my daily driver.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

Hmmmmm...????

Juggernaut wrote:

I've always used another AV, and never Defender.

I never realised how maintenance-intensive Windows was, until I started using Linux. It's my daily driver.

Who drives you at night? razz

Actually; Linux (I don't know about now) used to get almost daily updates automagically....Very few ever required a restart of the system and if you left your machine running when you went to the store or .. or... or... ir could and would install patches on it's own.

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

Thanks for the heads up.

Thanks for the heads up. Mine was updated automatically this afternoon. I'm now running Microsoft Malware Protection Engine Version: 1.1.13704.0

Mint Rosa

BarneyBadass wrote:

Actually; Linux (I don't know about now) used to get almost daily updates

Mint is very mature at this point. No reboots after an update.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

Wow..

All over it..thanks.

Good for them

It's just for their own AV (which has improved quite a bit mind you) but good for them to react this fast. If all software vendors would act like that it would be a different world...

Really?

jale wrote:

...but good for them to react this fast.

They only reacted that fast after someone told them of the flaw! They didn't know about it until then.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

.

Juggernaut wrote:
jale wrote:

...but good for them to react this fast.

They only reacted that fast after someone told them of the flaw! They didn't know about it until then.

That's the way it works. Whitehat researchers find a security flaw(s). They inform the product manufacturers and they respond by testing the flaw(s) and releasing a fix. What's wrong with that?

?

chewbacca wrote:

What's wrong with that?

MS isn't smart enough to figure out their own code? Or, are we beta testing for them as usual?

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

.

Juggernaut wrote:
chewbacca wrote:

What's wrong with that?

MS isn't smart enough to figure out their own code? Or, are we beta testing for them as usual?

I guess it's the way they do business... by offering bounties to anyone who finds bugs. Their own employees aren't eligible for bounty:
https://technet.microsoft.com/en-us/security/dn425055.aspx

WHO IS NOT ELIGIBLE TO PARTICIPATE?

* You are currently an employee of Microsoft Corporation or a Microsoft subsidiary, or an immediate family (parent, sibling, spouse, or child) or household member of such an employee;

* Within the six months prior to your submission you were an employee of Microsoft Corporation or a Microsoft subsidiary;

And The Irony Is....

Juggernaut wrote:
chewbacca wrote:

What's wrong with that?

MS isn't smart enough to figure out their own code? Or, are we beta testing for them as usual?

There's literally an infinite combination of hardware and software configurations.

Sometimes, what happens on one hardware software configuration will never be seen on another machine.

Sometimes these issues only are seen on a purely "native" system with almost no additional software (video, sound, usb drivers) either included or excluded.

Unless you've actually been baptized in global commercial software development, you can't possibly imagine all the things that happen.

Sometimes it's a piece of hardware that exposes the issue to be observed.

Sometimes it's another piece of that causes the exposure to be observed.

Believe it or not, sometimes it's something created because of one CPU over another, like timing issues or other things like that..

So saying they aren't smart enough isn't quite fair.. smart they likely are.

Being clairvoyant, that's quite something else!

Been there done that don't gotta do it any more, WHEW! razz

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

.

There were far more HW combinations back in the XP days.

Face it, MS f**ked up big time. I have zero confidence in Win 10 anymore, on multiple levels.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

exactly

BarneyBadass wrote:

There's literally an infinite combination of hardware and software configurations.

~snip~

Yup, no way in the world to test every possible bug/flaw before releasing a program.

Despite all the hate it seems a lot of folks have for MS, Windows (7) still the most widely used OS for a computer.

https://www.computerhope.com/issues/ch001777.htm

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .