Google Security Researcher Pops Microsoft’s AV Defenses

In Response, Microsoft Has Patched Its Malware Protection Engine

A Google security researcher has once again found a potentially devastating vulnerability in Microsoft’s Malware Protection Engine, the core component of anti-malware systems that ship with every Windows computer and server.

Microsoft patched the remote code execution flaw on Friday, but the finding once again highlights the danger of vulnerabilities in the very software that’s designed to protect computers from intrusion.

The flaw was found by Tavis Ormandy, a bug hunter with Google’s Project Zero who has a notable track record in finding software flaws in antivirus software.

Continue reading…