Simply receiving an email could have allowed hackers to take over your PC, according to security researchers.
The exploit, which was patched by Microsoft before being made public, sounds pretty scary and is a bit of an open goal as far as security vulnerabilities go.
Microsoft said it hadn’t seen any examples of this hack before patching it, so it’s unlikely anybody actually fell victim to an attack.
How did the hack work?
The culprit is Microsoft Malware Protection Engine (MMPE), which is the technology behind Windows Defender, installed on all Windows PCs by default.
The vulnerability was discovered by two security researchers, Natalie Silvanovich and Tavis Ormandy on Google’s Project Zero. It showed that a cleverly-crafted email or instant message attachment could worm its way through Windows Defender without detection.
Amazingly, you don’t even have to open the attachment, it simply has to be received (via a messenger app or email application that’s scanned by Defender) and be scanned in order to take control. If you had real-time protection enabled in Defender, the exploit would have been activated immediately. If you didn’t the next time the file was scanned in a scheduled system scan would have woken it up.
Because MMPE is given the highest level of access, it has absolute control over the system. If you’re able to bypass it, you can do pretty much anything you like.
It’s a scary attack because there’s essentially nothing you can do to prevent it, aside from hope that people who email you aren’t trying to hack you.
What should I do?
Nothing: Windows Defender is updated automatically several times a day and Microsoft has already issued a patch to prevent this exploit from being used.
You shouldn’t stop using Defender, as it provides a good level of baseline protection, and this vulnerability is now fixed.
It’s also not clear whether having another piece of antivirus software installed would have prevented this attack.
What can we learn?
Nobody is immune. In our recent Best Free Antivirus test, data suggested Windows Defender was doing nearly as good a job as the likes of Avast and Avira.
What it shows is that any piece of security software is vulnerable to unknown attacks. Antivirus ratings are all well and good, but the companies that conduct the tests can only use known malware to see how good each piece of software. As new viruses are developed all the time, it’s inevitable that some might try and holes in security software.
Related: Best laptops
What anti-virus software do you use? Tell us your thoughts on it in the comments below.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
