large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Windows Defender Hack: How it works and what you need to know

Simply receiving an email could have allowed hackers to take over your PC, according to security researchers.

The exploit, which was patched by Microsoft before being made public, sounds pretty scary and is a bit of an open goal as far as security vulnerabilities go.

Microsoft said it hadn’t seen any examples of this hack before patching it, so it’s unlikely anybody actually fell victim to an attack.

How did the hack work?

The culprit is Microsoft Malware Protection Engine (MMPE), which is the technology behind Windows Defender, installed on all Windows PCs by default.

The vulnerability was discovered by two security researchers, Natalie Silvanovich and Tavis Ormandy on Google’s Project Zero. It showed that a cleverly-crafted email or instant message attachment could worm its way through Windows Defender without detection.

Amazingly, you don’t even have to open the attachment, it simply has to be received (via a messenger app or email application that’s scanned by Defender) and be scanned in order to take control. If you had real-time protection enabled in Defender, the exploit would have been activated immediately. If you didn’t the next time the file was scanned in a scheduled system scan would have woken it up.

Because MMPE is given the highest level of access, it has absolute control over the system. If you’re able to bypass it, you can do pretty much anything you like.

It’s a scary attack because there’s essentially nothing you can do to prevent it, aside from hope that people who email you aren’t trying to hack you.

What should I do?

Nothing: Windows Defender is updated automatically several times a day and Microsoft has already issued a patch to prevent this exploit from being used.

You shouldn’t stop using Defender, as it provides a good level of baseline protection, and this vulnerability is now fixed.

It’s also not clear whether having another piece of antivirus software installed would have prevented this attack.

What can we learn?

Nobody is immune. In our recent Best Free Antivirus test, data suggested Windows Defender was doing nearly as good a job as the likes of Avast and Avira.

What it shows is that any piece of security software is vulnerable to unknown attacks. Antivirus ratings are all well and good, but the companies that conduct the tests can only use known malware to see how good each piece of software. As new viruses are developed all the time, it’s inevitable that some might try and holes in security software.

Related: Best laptops

What anti-virus software do you use? Tell us your thoughts on it in the comments below.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.