Windows Defender Hack: How it works and what you need to know

Simply receiving an email could have allowed hackers to take over your PC, according to security researchers.

The exploit, which was patched by Microsoft before being made public, sounds pretty scary and is a bit of an open goal as far as security vulnerabilities go.

Microsoft said it hadn’t seen any examples of this hack before patching it, so it’s unlikely anybody actually fell victim to an attack.

How did the hack work?

The culprit is Microsoft Malware Protection Engine (MMPE), which is the technology behind Windows Defender, installed on all Windows PCs by default.

The vulnerability was discovered by two security researchers, Natalie Silvanovich and Tavis Ormandy, of Google’s Project Zero. They showed that a cleverly crafted email or instant message attachment could worm its way through Windows Defender without detection.

Amazingly, you don’t even have to open the attachment: it simply has to be received (via a messenger app or email application that’s scanned by Defender) and scanned for the attacker to take control. If you had real-time protection enabled in Defender, the exploit would have been activated immediately. If you didn’t, it would have been triggered the next time the file was scanned in a scheduled system scan.

Because MMPE is given the highest level of access, it has absolute control over the system. If you’re able to bypass it, you can do pretty much anything you like.

It’s a scary attack because there’s essentially nothing you can do to prevent it, aside from hope that people who email you aren’t trying to hack you.

What should I do?

Nothing: Windows Defender is updated automatically several times a day and Microsoft has already issued a patch to prevent this exploit from being used.

You shouldn’t stop using Defender, as it provides a good level of baseline protection, and this vulnerability is now fixed.

It’s also not clear whether having another piece of antivirus software installed would have prevented this attack.

What can we learn?

Nobody is immune. In our recent Best Free Antivirus test, data suggested Windows Defender was doing nearly as good a job as the likes of Avast and Avira.

What it shows is that any piece of security software is vulnerable to unknown attacks. Antivirus ratings are all well and good, but the companies that conduct the tests can only use known malware to see how good each piece of software is. As new viruses are developed all the time, it’s inevitable that some might try and find holes in security software.
