Windows comes with a virus and malware protection system called Windows Defender, but this time it was a Defender service that was putting the system at risk.
We have already seen cases where anti-virus programs, in their eagerness to control every aspect of the system in order to protect it, end up putting them at risk because of their own vulnerabilities. This is something that has made more and more people choose to use Windows' own Windows Defender, assuming Microsoft would be the company better prepared to do it properly ... But, this time it was Windows Defender itself the cause of the problem.
The bug has already been fixed by Microsoft (check that the Windows Defender Engine has version 1.1.13704.0 or higher) but it is a fault that was extremely critical as it allowed to infect a computer without requiring any intervention by the user. It would be enough for the computer to receive a malicious email, or a message, or even visit a web page - anything and everything that could be verified by Defender became a potential weapon to infect Windows.
There is a serious vulnerability in an operating system; but it's even worse because this fault exists precisely in the service that should protect it from this type of threats. Knowing that - as this case itself demonstrates - it is impossible to create 100% vulnerability-proof software, I think that the focus of the question should be on the response time with which the companies can react to the discovery of said vulnerabilities, and push those updates to the affected systems.
No comments:
Post a Comment