Flaws Found in Core Scanning Engine
Microsoft has issued emergency updates for two zero-day vulnerabilities in its Defender antivirus platform. The flaws affect the Malware Protection Engine and the Defender Antimalware Platform. U.S. cybersecurity authorities have confirmed active exploitation and are urging immediate action on Windows systems worldwide.
The vulnerabilities let an attacker bypass security checks or execute code without any user interaction. Because the scanning engine runs with high privileges, a successful exploit could give an attacker full control of the affected device. Microsoft identified the flaws internally and rolled out automatic updates. Every system running Microsoft Defender, including Windows 10 and Windows 11, is affected.
The Malware Protection Engine, which scans files in real time, contains two critical bugs. One is a memory corruption issue triggered while the engine parses a malicious file. The other is a logic flaw that lets malware slip past detection. Both can be exploited remotely: an attacker only has to get a specially crafted file onto the system, and the real-time or scheduled scan of that file triggers the bug. No user action is needed beyond the file being present when a scan runs.
How Dangerous Are These Bugs?
CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which signals that attacks are already occurring in the wild. Under the binding directive that governs the catalog (BOD 22-01), federal civilian agencies must apply the fix within three weeks. While no specific threat group has been named, the listing underscores the severity. Microsoft credited its internal researchers with discovering the flaws and pushed the fixes through its standard update channels.
These flaws are especially risky because Defender runs constantly in the background and is deeply embedded in Windows. An attacker could deliver the trigger file as an email attachment, a download from a malicious website, or a file on an infected USB drive; because real-time protection scans a file as soon as it is written to disk, the victim never has to open it. Once the bug fires, the attacker gains the same high level of access as the antivirus engine itself (the engine service runs as SYSTEM), which makes detection and removal extremely difficult.
Unlike typical bugs, these zero-days were exploited in the wild before a patch existed, so some systems may already be compromised. Microsoft says automatic updates have delivered the fixes to most users, but organizations that control update delivery themselves (for example through WSUS or a similar managed update channel) must push the engine and platform updates manually and verify that they actually landed on each host.
Frequently Asked Questions
Are home users protected automatically? Most personal devices receive the fix automatically through Windows Update, so a system with automatic updates enabled should already be patched. Users should confirm that the Defender engine and platform versions are current and restart if prompted.
Do I need to reinstall Defender after patching? No. The fixes are delivered as engine updates within the existing Defender framework. No reinstallation is necessary.
Can these flaws affect servers? Yes. Windows Server editions running Microsoft Defender are vulnerable as well. Administrators must ensure the updates are applied, especially on mail and file servers that receive files from external sources, since those servers scan untrusted files continuously.
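The practical check behind "confirm updates are current" and "admins must ensure updates are applied" is to read the engine and platform versions Defender reports and compare them with the fixed versions in Microsoft's advisory. The script below is an added example written for this page, not Microsoft's or the article's own code. It uses the built-in Defender PowerShell cmdlets (Get-MpComputerStatus, Update-MpSignature); the two minimum-version defaults of 0.0.0.0 are placeholders, not the real fixed versions, and must be replaced with the values from the advisory. Run it from an elevated PowerShell session.

```powershell
<#
  Added example (editor's illustration, not code from Microsoft or this article).
  Reports the Defender engine and platform versions on this host and compares
  them with minimum fixed versions supplied by the caller. The default values
  are placeholder assumptions; take the real ones from Microsoft's advisory.
  With -ForceUpdate it refreshes the engine via a definition update and re-checks.
#>
param(
    [version]$MinEngineVersion   = '0.0.0.0',   # assumption: replace with advisory value
    [version]$MinPlatformVersion = '0.0.0.0',   # assumption: replace with advisory value
    [switch]$ForceUpdate
)

function Get-DefenderVersionState {
    param([version]$MinEngine, [version]$MinPlatform)

    # Get-MpComputerStatus ships with Windows 10/11 and with Windows Server
    # when the Defender feature is installed; it reads the live service state.
    $status = Get-MpComputerStatus

    if (-not $status.AMServiceEnabled) {
        Write-Warning "Defender antimalware service is not running on $env:COMPUTERNAME"
    }

    $engine   = [version]$status.AMEngineVersion    # Malware Protection Engine (mpengine.dll)
    $platform = [version]$status.AMProductVersion   # Antimalware Platform (MsMpEng.exe)

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        EngineVersion     = $engine
        PlatformVersion   = $platform
        RunningMode       = $status.AMRunningMode           # Normal, Passive Mode, etc.
        SignatureAgeDays  = $status.AntivirusSignatureAge   # stale signatures = stale engine
        EngineFixed       = ($engine   -ge $MinEngine)
        PlatformFixed     = ($platform -ge $MinPlatform)
    }
}

$state = Get-DefenderVersionState -MinEngine $MinEngineVersion -MinPlatform $MinPlatformVersion

if ($ForceUpdate -and -not $state.EngineFixed) {
    # The engine (mpengine.dll) is delivered alongside definition updates, so a
    # signature refresh pulls the patched engine. The platform update is a
    # separate Windows Update package and is NOT refreshed by this call.
    Update-MpSignature -UpdateSource MicrosoftUpdateServer
    $state = Get-DefenderVersionState -MinEngine $MinEngineVersion -MinPlatform $MinPlatformVersion
}

$state | Format-List

# Non-zero exit lets a fleet job (Invoke-Command, RMM, config management) flag stragglers.
if (-not ($state.EngineFixed -and $state.PlatformFixed)) { exit 1 }
```

Two points a practitioner should keep in mind. First, Update-MpSignature only raises the engine version; the Antimalware Platform is updated through Windows Update (the "Update for Microsoft Defender antimalware platform" package, KB4052623), so a host that passes the engine check but fails the platform check needs that package pushed through whatever channel manages its Windows updates. Second, a host in Passive Mode (a third-party antivirus is primary) still has the engine installed and still scans on demand, so it still needs the fix; do not skip it because Defender is not the active product. Against a fleet, save the script under a name of your choosing (for example Check-DefenderFix.ps1, a hypothetical name) and run it with Invoke-Command -FilePath against the server list, passing the advisory's versions via -ArgumentList.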