New exploit in Windows Defender allows attackers to infect your computer just by viewing a file

>arstechnica.com/security/2017/06/latest-high-severity-flaw-in-windows-defender-highlights-the-dark-side-of-av/

>View a webpage. You're infected
>Receive an email. Don't even have to open it. You're infected.
>Simply have a file on your hard drive. You're infected.

This is one of the worst exploits in years and it's coming right on the heels of another giant ransomware epidemic.

What sane person still willingly chooses to use Windows in this day and age? It's like being in an abusive relationship with a 300 pound crack whore with AIDS.


Good thing I'm running MSE.

Good thing I have Norton

Well it will probably be fixed soon


There's been major exploits in every single OS this last year

Who cares, all my important files are in google drive. They can encrypt all my steam games for all i care.

Lucky I turned my computer off :)

Same here. I never store anything personal on Windows and all my other work is backed up to Google.

lmao disabling this shit right nao

>Using cloud storage for personal files
>Ever
Why can't you use external mass storage instead?

Patch Tuesday occurs on the second and fourth Tuesday of the month, right? So Windows users will have this exploit until July 13th, right?

Update already released June 23. So?

borncity.com/win/2017/06/24/microsoft-closes-critical-vulnerability-cve-2017-8558-in-malware-protection-engine-june-23-2017/

Is MSE actually immune? It uses MsMpEng as well.

Common Sense doesn't have this problem

Common sense doesn't protect you against shit like this or worms such as WannaCry.

I use Common Sense and I haven't had any malware since I got Internet in '93. Checkmate.

Yes it does. WannaCry spread using an exploit that was patched 3 months prior. If you don't update your PC, ESPECIALLY on Windows, you have no common sense at all.

Sir we need to air gap your machine please do it right now

You fucking dickless faggots, linux got hacked by pressing a key 19 times. Windows is more secure than your meme OS and has games.

What if I only block smbus

That vuln was in GRUB if I recall correctly, and required physical access to a machine.

Says it's already patched, FUD spreader.

I keep all my important files in literal files. You're a fucking pleb if you don't

Enjoy having a slow as shit PC user.

You think I was serious to keep my files in a LGBT activist, liberal terrorist organization named Google? Of course not.

hotfixes can be dropped whenever they're ready to be released.

Holy shit that's bad. Glad I don't use Windows.

I really don't understand why some people still use Windows in fucking 2017, it's like the last two decades of shitty winblows releases was not enough for them...

youtube.com/watch?v=IW7Rqwwth84
20 fucking years of pure fail. It's amazing.

because most business software is coded for it and many server apps are better on it too. It can do more, generally speaking than UNIX can.
Until that changes, we are its bitch corporately.

and there's a fuck tonne of UNIX exploits too. As many if not more security bulletins per year.
Viruses or trojans on UNIX suck balls because most have source code and compilers so easy to hide and use remotely too.
It's really no different but 90% of the world uses Windows so there's far more effort put into exploits here and they are far more public.

tfw he's making le ebin joke but nobody laughs cus actual proprietards are already a karikature of themselfs

it's funny to see how much effort you have to do to fuck up your computer with malware, seeing some "windows destruction" videos really made me think about how people are unprepared to use computer as they do shit like that unironically

I mean a good hunk of servers run something UNIX-ish so I'd argue that there's just as much malicious incentive in finding linux exploits as there is in windows exploits if people really want to rustle some jimmies.

I tried to play around with malware in a virtual machine running Windows but it was too much work getting infected so I just returned to shitposting on Sup Forums

>Microsoft, the company that literally works side by side with the National Semite Agency to make your computer as vulnerable and ripe for spying as possible, said they """patched""" (LMAO) the (((vulnerability))) they put there in the first place
>goyim ACTUALLY believe this

You faggots are as naive as newborn kittens.

Does this include endpoint protection

They do, over half of web servers are running UNIX but probably UNIX admins are smarter because they actually have to understand wtf is going on.

>This Windows Defender bug was so gaping its PoC exploit had to be encrypted
>PoC exploit
that's racist

WINKUCKS BTFO
MICROSOFT FINISHED AND BANKRUPT

LINUXFAGS ON SUICIDE WATCH

Good thing I'm on ZorinOS

Good thing I have Windows Defender turned off.

...For AVG

>because most business software is coded for it
What is a virtual machine? What are cross platform languages and frameworks?

>and many server apps are better on it too.
LOL no.

>and theres a fuck tonne of UNIX exploits too.
No, there's not. I want to slap every person who ever makes this excuse for Microshit. The library of malware for Windows is easily three orders of magnitude larger than for UNIX, Linux, or macOS. Windows is in the news every couple weeks with a new monster exploit and global attack. Windows is shit.

And it's not just the quantity of exploits, but the nature of them that's different. Both the Italian hacker company leaks and the NSA leaks confirm that while every OS has a history of bugs and exploits, *nix systems are far more difficult to compromise. A typical tool to compromise a Mac or an iPhone, for example, required PHYSICAL ACCESS to the machine, and would only work on specific models. Windows? Just get someone to receive...not read...receive an email. I've lost track of the Windows exploits I've personally seen in my life where any script kiddie could do a drive by attack on a corporate network and succeed. The first big one I remember was the JPEG bug in the early 2000's that would let you take control of a machine if the end user looked at a web page or received an email. 2017 and we have YET ANOTHER bug of this nature.

Fuck Microshit. They were always a trash software company. But in recent years they have grown even worse.

Of course they'd wait for it to be patched before reporting on it. That's just responsible disclosure. The point is that Windows is so shit and Microsoft is so incompetent that this exploit has been there for years and they needed a third party researcher from Google to find it.

The best part? He needed to write a tool to load the system in WINE so he can use Linux's fuzzing tools since Windows is so shit

>Distributed, scalable fuzzing on Windows can be challenging and inefficient. This is especially true for endpoint security products, which use complex interconnected components that span across kernel and user space. This often requires spinning up an entire virtualized Windows environment to fuzz them or collect coverage data.

>This is less of a problem on Linux, and I've found that porting components of Windows Antivirus products to Linux is often possible. This allows me to run the code I’m testing in minimal containers with very little overhead, and easily scale up testing.

>This is just personal opinion, but I also think Linux has better tools. ¯\_(ツ)_/¯

Does it make you angry knowing that no matter how many threads you make, Linux will never, ever be relevant on desktop?

Good thing my PC came pre-installed with McAfee.

Yes

>MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2016, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine.

>The core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers, full system emulators for various architectures and interpreters for various languages. All of this code is accessible to remote attackers.

>bleepingcomputer.com/news/security/microsoft-quietly-kills-another-gaping-hole-in-windows-defender/

Already patched m8
But good try unemployed loonixfag

Yeah you should ignore the systemd 0day that dropped today which allowed rce from dns queries

yes it does

>don't have ports forwarded that you don't need forwarded
>guest connections to network on different vlan and ACLed

Also, try not to receive any emails or view web pages with images.

>herp every machine is a dns server
>derp my one example trumps the 10,000 examples on windows

It wasn't a dns service champ go read it again retard
Let's talk about heartbleed though
How about dirty cow
How about imagetragick
How about the af_packet rce
Wanna keep going?

>and theres a fuck tonne of UNIX exploits too.
GNU is not UNIX.

Windows defender isn't ntoskrnl

How many of those "exploits" ever affected a single Linux machine? Find some examples and see if the numbers come anywhere near the total of even just Petya. My point is, most, if not all of the Linux exploits require such outlandish circumstances to execute them, they're almost laughable.

>No, there's not
Yes there is, you don't pay attention obviously. I want to slap all you linux shills for telling people to run this shit. If it was super awesome, we'd be using it corporately.

IT zeguridad

>Yes there is, you don't pay attention obviously.
I do pay attention and you're full of shit.

>I want to slap all you linux shills for telling people to run this shit. If it was super awesome, we'd be using it corporately.
I hate to tell you this, but corporations generally make stupid decisions.

i need my games and my cpu is too shit for gpu passthrough, i'll suffer with windows until linux gets more games or i upgrade my cpu

>Yes there is
I'll give you this much, they exist, but as stated above, good luck ever executing one of them. Most of them are POC tier shit and MOST get patched immediately. That's more than I can say for WannaCry, which had its ass hanging in the breeze for months before Microsoft issued a patch. They were notified in January, and for some odd reason the patch for XP had a publish date of February and a release date of when? Oh! May? Hmmmm...really percolates those peanuts.

Because some people need to work unemployed loonix weaboo

>>arstechnica.com/security/2017/06/latest-high-severity-flaw-in-windows-defender-highlights-the-dark-side-of-av/
Those ass-blasted microcucks in the comments section!

Good thing I deleted that crappy antivirus with my Linux partition

Like said.
Is already fixed.

>patch for XP

how do i fix my windblsw so i dont get infect guys

>some people
>90% of marketshare

A lot of them? Imagetragick was used to pop hundreds of prod boxes

Yes, they released one.

You have to draw the fucking line somewhere.

But a single loonix machine is like 2% of the userbase

It's a good thing I use FreeBSD

They realized there are too many retards still running XP to just let nature run its course.
Servers, dingus, servers.

Stack Clash. There isn't a Unix that isn't immune to it.

>Servers, dingus, servers.
these exploits don't affect servers

>isn't
is

"While this is not as egregious as some celebrity vulnerabilities have been in the past, [the ImageTragick researchers] do mention that they branded this in a way designed to get attention and boost their low numbers of blog views," said John Bambenek, manager of threat systems for Fidelis Cybersecurity in Waltham, Mass. "If you are measuring the success of your vulnerability research by Web traffic, you're focused on the wrong things."
Bogus.

t. assblasted microcuck

no and no

Joke's on them I never open anything via email

>arstechnica
>crappy click bait
>exploit already fixed
get fukt op
oh and
MITIGATED

pointing at you while I laugh

Linux has had way worse exploits lately, guess you're not informed

i almost never check my email, and in fact last i sent an email was like 2011.

>Windows Defender allows attackers to infect your computer just by viewing a file

Pretty sure that was an older exploit.

I miss the simple days of port 195 shenanigans and +++ATH0

Okay? That doesn't prove anything champ
Nothing different from you screaming about a patched vuln

>Norton
Now that's a name I've not heard in years.

These are all just software exploits. Not part of Linux buddy.

B-but what about all those posters on Sup Forums that say CommonSense201X and Windows Defender are all you need?!

So you have to be running defender to be exploited?

Neither is anything other than code in ntoskrnl by those standards

old news

Or MSE, Endpoint Protection, or any one of 'various Microsoft security products' that use the same engine. These are all active by default on a fresh install.
I don't know if you can even disable it fully, and who knows how long this was out in the wild before being discovered and patched. If you're running Windows, just accept that your machine is probably part of a botnet

Microsoft recently patched a critical vulnerability in its ubiquitous built-in antivirus engine.

Woo... so glad automatic updates are on.