Microsoft patches anti-virus bug that allowed boobytrapped files to run malicious code when scanned

Microsoft patches anti-virus bug that allowed boobytrapped files to run malicious code when scanned




This week, as part of its long-standing monthly “Patch Tuesday” regime, Microsoft released security updates to fix more than 80 flaws in its software.


Amongst the critical security vulnerabilities patched by Microsoft was one that – ironically – exploited usage of the company’s own Windows security product, Microsoft Defender Antivirus.


The actively-exploited remote code execution flaw (given the technical name of CVE-2021-1647) can be triggered by the mere act of Microsoft Defender attempting to scan a boobytrapped file for malware.




Sign up to our newsletterSecurity news, advice, and tips.

And as Microsoft Defender is always attempting to protect users from malware attacks that means that a user doesn’t have to be duped into clicking on an executable file or dangerous link to activate the attack.


As soon as Microsoft Defender sees the boobytrapped file on your computer it will try to scan it, get its knickers in a twist, and allow malicious code to run instead.


D’oh!


The good news is that your installation of Microsoft Defender is almost certainly already protected, as it is pretty much constantly updating itself anyway to deal with new malware threats – it’s just that on this occasion the dodgy code that it is arguably protecting you from was written by Microsoft’s own developers!


Version 1.1.17700.4 and later of the Microsoft malware protection engine are said to not be affected by the flaw – so check that you are running the latest version of the Microsoft Defender software, and ensure that it is up-to-date with its malware definitions.