Microsoft fixes vulnerability (CVE-2021-1647) in Microsoft Defender

by · Published · Updated

Microsoft Defender supports multiple operating systems to provide users with security protection services. Of course, even security software sometimes has the vulnerability. For example, Microsoft recently pushed a scan engine update to fix a vulnerability (CVE-2021-1647) in the antivirus software.

Attackers can use this vulnerability not only to bypass Microsoft anti-virus software but also to use Microsoft anti-virus software to run malicious software to launch an attack.

The latest scan engine update is automatically pushed and installed. Users can check the antivirus scan engine version. If the version number is 1.1.17700.4 and above, it means it has been fixed.

Under normal circumstances, when Microsoft detects malware, it will quarantine or even delete it directly. If it is quarantined, the user can manually restore the file.

The vulnerability discovered this time is a flaw in Microsoft’s antivirus software. Attackers can write specially crafted files that can be run immediately when Microsoft scans.

This means that an attacker can launch a non-interactive attack, such as sending a specially crafted file as an email attachment, and the email client will trigger a scan after receiving it. Therefore, users may install malicious software without being aware of it.

If you did not prohibit the system from automatically updating, the latest scan engine update should have been installed. Users can check the new version on the antivirus software about page.

The specific operation is as follows: Go to Windows Security App, click Settings in the lower-left corner, and then check whether the engine version is lower than 1.1.17700.4 on the About page

If it is lower than this version, it means that your antivirus software has not been repaired. Please go to the Windows Update system update page to manually check for updates and download new patches.

Tags: