Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines.
A particularly nasty security flaw exists in Redmond's anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. All are, at this moment, at risk. It is switched on by default in Windows 8, 8.1, 10, and Windows Server 2012.
It is possible for hackers to craft files that are booby-trapped with malicious code, and this nasty payload is executed inadvertently and automatically by the scanner while inspecting the data. The injected code runs with administrative privileges, allowing it to gain full control of the system, install spyware, steal files, and so on.
I post this not to slam Microsoft, who has done a pretty good job making their security better. It's to point out that even people who write security software mess up. Consider:
- The Microsoft team certainly understands the need for security. After all, they're creating a security product.
- The Microsoft team certainly knows how to code securely. After all, they're creating a security product.
- Microsoft has a very strong vested interest in making sure that this sort of thing doesn't happen.