Alert

Big Hole in Windows 7 thru 10

May 11, 2017 12:03PM PDT
http://www.foxnews.com/tech/2017/05/11/microsoft-scrambles-to-fix-worst-windows-issue-in-recent-memory.html

"The security hole affects PCs and computer systems running Windows 7, Windows 8.1, Windows 10, and Windows Server 2016 and Microsoft software products running on those systems and exploits the Microsoft Malware Protection Engine included on Windows 7 and later. The vulnerability can be triggered “if the Microsoft Malware Protection Engine scans a specially crafted file,” according to the Microsoft Security Advisory. That could include email and web sites. That is, anything that is scanned by the Malware Protection Engine.

There’s a hole in Windows big enough that Microsoft did an emergency fix this week.

Called the “worst Windows remote code exec in recent memory” and "crazy bad" by the Google security expert that discovered it, the malware requires no interaction from a user."
(more)

Interesting.. I Saw No Emergency Update On Monday
May 11, 2017 4:21PM PDT

Only the traditional Patch Tuesday updates were released here and only May 9 dates were assigned to those Windows Updates. Cumulative updates and an update to Flash Player. And there's no mention of the fix in Microsoft's knowledge base article for the cumulative update received on May 9. The article link is below:

https://support.microsoft.com/en-us/help/4016871/windows-10-update-kb4016871

There is an update to Windows Defender in the Windows Update Security Guide below, on page 5, but that's all. The update to Defender is usually a definitions update.

https://portal.msrc.microsoft.com/en-us/security-guidance

Of course, it's possible the new scan engine version for Defender was included in that update. It just doesn't show it.

Strange.

Grif

Post was last edited on May 11, 2017 4:34 PM PDT

Maybe they wanted to get the .....
May 11, 2017 10:14PM PDT

My Defender Is Disabled So I Didn't Get the Earlier Update
May 12, 2017 8:25AM PDT

Bob B's info below may explain why all my dates here are for May 9 only. No updates have been applied to Defender on my machines. Others may have a different story.

It's good they thanked the researchers, as they should.

Hope this helps.

Grif

Post was last edited on May 12, 2017 8:25 AM PDT

I have always had Defender activated as my AV
May 12, 2017 8:29AM PDT

And all of my updates are marked May 9th. I thought I was getting no updates at all.....

Actually, I have to amend that
May 12, 2017 8:34AM PDT

Every update is marked 4/26

I may have fixed that
May 12, 2017 8:43AM PDT

I have Win 10 Pro and looked into update settings.
I had it paused until 5/31. I turned off the pause and am now downloading a bunch of updates ...

Fixed
May 12, 2017 8:53AM PDT

Defender updated just now to latest version
and
2017-05 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4016871)
and
2017-05 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4020821)

Appears Like It's Only A Vulnerability For Users of Defender
May 11, 2017 4:45PM PDT

If Windows Defender was/is disabled, such as those that use a separate Antivirus/Antimalware, then the Defender scan engine doesn't engage and it won't scan the specially crafted file, therefore the vulnerability wouldn't have caused a problem.

My experience with other antivirus companies is that, although definitely serious, scan engine vulnerabilities happen occasionally and are always fixed as soon as possible.

Hope this helps.

Grif

Defender
May 12, 2017 3:26AM PDT

It looks like if Defender is turned off the scan engine does not get updated.

If in the future you turn on Defender you may be running a vulnerable version until winupd supplies the update.
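
The check discussed in the posts above (is the Defender scan engine current, including on machines where Defender is switched off) can be scripted. This is an added example, not part of the original thread: `Test-DefenderEngine` is a hypothetical helper name, and the fixed engine version is not given in this thread, so it is passed in as a parameter taken from the Microsoft advisory.

```powershell
# Added example: report whether the Defender scan engine meets a required version.
function Test-DefenderEngine {
    param(
        # Assumption: the fixed engine version comes from the Microsoft advisory;
        # it is not stated anywhere in this thread.
        [Parameter(Mandatory = $true)]
        [version]$MinimumEngineVersion
    )

    # The Defender cmdlets may be absent (for example on Windows 7).
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        Write-Warning 'Get-MpComputerStatus is not available on this system.'
        return
    }

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $engine = [version]$status.AMEngineVersion
    } catch {
        # Typical when the Defender service is not running or reports no version.
        Write-Warning "Could not read Defender status: $($_.Exception.Message)"
        return
    }

    $current = $engine -ge $MinimumEngineVersion

    [pscustomobject]@{
        AntivirusEnabled      = $status.AntivirusEnabled
        EngineVersion         = $engine
        MinimumEngineVersion  = $MinimumEngineVersion
        EngineCurrent         = $current
        SignaturesLastUpdated = $status.AntivirusSignatureLastUpdated
        # The case raised above: Defender is off, and its engine predates the fix,
        # so turning it back on would run the old engine until an update arrives.
        StaleWhileDisabled    = (-not $status.AntivirusEnabled) -and (-not $current)
    }
}

# Usage (placeholder, replace with the version from the advisory):
# Test-DefenderEngine -MinimumEngineVersion '<FIXED_ENGINE_VERSION>'
```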