One of the characteristics of Windows 10 is that Microsoft‘s operating system comes with Windows Defender by default. This is Microsoft’s new antivirus, a very simple security software but in a short time it has managed to position itself as one of the best free antivirus that we can install on the PC. And although it can protect us from many of the threats that we can find on the network, relying on it too much can be dangerous. Especially when it hides such serious flaws as the one that has recently jeopardized the safety of all users.
Just a few hours ago, Microsoft released an emergency update for its antivirus , Windows Defender. It sought to correct a zero-day security flaw in its engine that was endangering the safety of users. These security flaws are characterized by the fact that, instead of being discovered by Microsoft, they are discovered by hackers, who usually sell them to other hackers before they are fixed to carry out massive attacks.
This new security flaw was registered as CVE-2021-1647 , and it is found specifically in the Malware Protection Engine component of the system. Hackers can use this program to execute remote code on any PC that uses Microsoft security software. That is, in millions of computers connected to the Internet.
Update Windows Defender
Microsoft has already fixed this problem in its antivirus. Users who have their PCs updated, and have not made strange modifications to their systems, will receive this update automatically in the background.
As the company reports, this bug was in version 1.1.17600.5 of the security software engine. With the arrival of the new engine update, 1.1.17700.4, the security problem has disappeared, and Windows Defender is safe again, for now.
We can check the version of the engine that we have installed in our antivirus from its properties.
Currently, a PoC, or proof of concept , is already circulating on the network to exploit this vulnerability. It would not be unusual to see massive attacks on this vulnerability very soon. Therefore, we must make sure that we already have the new version of the antivirus engine installed.
The engine for this security program is typically updated once a month. However, Microsoft reserves the ability to release emergency updates when necessary, as has happened this time. Virus databases are usually updated three times a day, except in exceptional cases where more may arrive.
Install security patches
In addition to this Windows Defender patch, Microsoft has released its first 2021 security patches this morning. These patches correct a good number of vulnerabilities, many critical and one zero-day, which we must tackle as soon as possible on our PC. These security patches are available through Windows Update for all users who have a supported version of Windows 10. And if we have not made any strange configuration on our PC, it will be updated automatically.
2021 is going to be a dangerous year in terms of computer security. Therefore, it is vital to keep our system and all programs always up to date.