Google Project Zero is At It Again!: Critical RCE Flaw Found in Windows MMPE

 

An image that captures the triumph of project zero discovering a new security flaw

Project Zero has discovered another very important security flaw.

In a report from Google Project Zero members, this bug has been labeled “crazy bad.” As you may recall, Google’s Project Zero team is a group of internet security analysts that work tirelessly to uncover major vulnerabilities in various systems and software. This time, they found a big security flaw in Microsoft’s internal anti-virus software, Windows Defender, among other programs that utilize Microsoft’s MMPE. Ready to learn more about this security flaw and what makes it so frighteningly bad? Let’s dive in.

The flaw exists within Microsoft’s code, and that is not good.

We all make mistakes, and Microsoft is no different. This security flaw is a RCE, or remote executable code. Though the details are still being withheld for 90 days according to Google’s agreement to give software companies time to fix their flaws, we do know a few things about it. For example, the problem exists within the  Microsoft Malware Protection Engine, or MMPE. We also know that the RCE flaw works against default Windows installations, that it can be used remotely, and that it worm-type malware can exploit it. Thankfully, it looks like Microsoft is feverishly working to rectify this security flaw.

Google’s Project Zero is facing more criticism.

Though the team was pulled together to help spot security flaws and generally serve the greater good, Project Zero has faced a great deal of criticism over the years. Some professionals think they their method of exposing major bugs and issues through twitter and official reporting is unfair to the software developers they are exposing and that the team should be more discreet. Other professionals appreciate the work done by Project Zero and think that the public deserves to know when something is wrong with their software. At the end of the day, this is truly a debate about which interest is of more importance: Public or Private?

If You Need Strong IT Solutions, Call On Global Harvest Networks!

Global Harvest Networks has been working for the Washington D.C., Maryland, and Virginia areas since 2000 and we’re ready to lend our expertise to you! We offer a wide range of IT solutions that can tackle any and all of your network’s needs. Please don’t hesitate to contact us so that we can help you! You can also give us a call at 410-691-1130. We’re ready to assess your system, diagnose the problem, and help you find a plan that will strengthen your network all free of charge!

This entry was posted on Thursday, May 11th, 2017 at 2:02 pm. Both comments and pings are currently closed.

Comments are closed.