Microsoft modifies open-source code, blows hole in Windows Defender

        A remote-code execution vulnerability in Windows Defender - a
        flaw that can be exploited by malicious .rar files to run
        malware on PCs - has been traced back to an open-source
        archiving tool Microsoft adopted for its own use. The bug,
        CVE-2018-0986, was patched on Tuesday in the latest version of
        the Microsoft Malware Protection Engine (1.1.14700.5) in
        Windows Defender, Security Essentials, Exchange Server,
        Forefront Endpoint Protection, and Intune Endpoint Protection.
        This update should be installed, or may have been
        automatically installed already on your device.

 - - -

Lauren Weinstein ( 
Lauren's Blog:
Google Issues Mailing List:
Founder: Network Neutrality Squad: 
         PRIVACY Forum:
Co-Founder: People For Internet Responsibility:
Member: ACM Committee on Computers and Public Policy
Tel: +1 (818) 225-2800
nnsquad mailing list

Reply via email to