Microsoft has released an emergency patch to fix a vulnerability in its Windows Defender antivirus software that could allow attackers to gain full system privileges on vulnerable Windows machines. The vulnerability was discovered and reported to Microsoft by security researchers at Google’s Project Zero team.
The vulnerability, tracked as CVE-2023-4366, is a privilege escalation vulnerability that could allow an attacker who has already gained access to a vulnerable system to escalate their privileges and gain full control over the system. This could potentially allow an attacker to install malware, steal sensitive information, or carry out other malicious activities.
The vulnerability affects all supported versions of Windows, including Windows 10, Windows 8.1, Windows 7, and Windows Server 2016 and later. Microsoft has released an emergency patch for the vulnerability, which users are strongly advised to install as soon as possible.
In a statement, Microsoft said, ‘We are aware of the report and have released an update to address this vulnerability. We encourage customers to install updates as soon as possible.’
This is not the first time that Google’s Project Zero team has discovered vulnerabilities in Microsoft’s software. The team has previously found and reported a number of vulnerabilities in Microsoft’s products, including Windows and Office, as well as vulnerabilities in other companies’ software. Microsoft has been criticized in the past for the way it handles vulnerability disclosures, with some security researchers accusing the company of being slow to respond to reports of vulnerabilities in its software. However, in this case, Microsoft has acted quickly to release a patch for the vulnerability.
