Microsoft and Google do not exactly see eye to eye, but security engineers with the search engine giant regularly help Redmond with product security by reporting flaws and vulnerabilities.
This newest one has been discovered by Tavis Ormandy — a person with a good track record when it comes to bugs in Windows and other Microsoft software. And the company has confirmed this in an advisory published earlier this morning.
According to the details, all but two Microsoft antimalware products are affected by this flaw.
These include the Forefront Client Security, Security Essentials (stable and prerelease), Windows Defender and Intune Endpoint Protection. Some pretty big names here.
Windows Defender, for instance, runs on majority of Microsoft operating systems, from Windows XP to Windows 7, Windows 8, Windows 8.1 and even Windows RT 8.1. This is what the company says:
“The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.”
Luckily, there have been no reports of any exploits taking advantage of this flaw.
At the same time, Microsoft has already started providing a fix to all affected machines, delivering it alongside malware definitions updates. And yes, Windows XP computers that are running Security Essentials will also receive the fix as the malware solution is kept alive on the old OS until 2015.