In response to the news that Microsoft has rolled out security updates to fix a critical remote code execution flaw affecting Windows Defender and other anti-malware products, Aaron Zander, IT Engineer at HackerOne, commented below.
Aaron Zander, IT Engineer at HackerOne:
“Criticality for Microsoft depends greatly on the individual product line. For the Windows product, the most critical vulnerabilities are the ones that cause users to lose control of their computers in totality. In the case of this patched exploit, it offers a worst-case scenario: the very tool Microsoft uses to protect their users turned against them. This is not the first time that AV has been targeted. Security vendors, especially, need to secure using all methods available to them, as they run privileged processes by nature.
While it’s hard to say if CVE-2018-0986 was ever exploited in the past, the difficulty in crafting this exploit leaves only the most elite capable of doing so. If tools were made available allowing others to make their own payloads, this would open up the attack surface to more users. All of that being said, always staying on top of updates from your OS provider is a simple and easy step to mitigate risk from security flaws.”