An elevation of privilege vulnerability exists when the Windows Defender antimalware platform improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file, leading to elevated privileges. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how the Windows Defender antimalware platform handles hard links.
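The advisory does not say which code path in the antimalware platform mishandled hard links, so the following is a generic illustration of the defensive check such a fix implies, written as an added example for this page rather than Microsoft's own code. The hazard in this bug class is a privileged component that overwrites a file at a path a low-privileged user controls without noticing that the path is a hard link to some other, protected file. The script below constructs that scenario in a temporary directory (the file names and the `UnsafeTargetError` class are assumptions of the example) and shows a write routine that opens the target, inspects the open handle, and refuses to truncate or write when the file has more than one link or is not a regular file. The link count is checked on the opened descriptor rather than on the path so that the check cannot be raced between lookup and open, and truncation happens only after the check passes.

```python
import os
import stat
import tempfile


class UnsafeTargetError(Exception):
    """Raised when a write target could alias a file we did not intend to modify."""


def overwrite_safely(path: str, data: bytes) -> int:
    """Overwrite `path` only if it is an ordinary, singly-linked regular file.

    The file is opened first and the checks are made with fstat() on the open
    descriptor, so a swap of the path between check and use cannot bypass them.
    Truncation is deliberately deferred until after the checks: opening with
    O_TRUNC would already have destroyed the contents seen through any other
    hard link before we had a chance to refuse.
    """
    flags = os.O_WRONLY
    # O_NOFOLLOW refuses symbolic links at open time where the platform has it.
    flags |= getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeTargetError(f"{path} is not a regular file")
        if st.st_nlink > 1:
            # A second link may live in a directory the caller never meant to touch.
            raise UnsafeTargetError(f"{path} has {st.st_nlink} hard links")
        os.ftruncate(fd, 0)
        return os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a protected file plus a hard link to it placed in a
    scratch directory a low-privileged user could control. Returns what the
    write routine decided for each target."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.dat")
        with open(protected, "wb") as f:
            f.write(b"original")

        user_dir = os.path.join(root, "user_scratch")
        os.mkdir(user_dir)

        # An ordinary scratch file: one link, regular file, write is allowed.
        plain = os.path.join(user_dir, "plain.log")
        with open(plain, "wb") as f:
            f.write(b"old log")
        results["plain_write"] = overwrite_safely(plain, b"new log")

        # The same scratch-file name, but now a hard link to the protected file.
        alias = os.path.join(user_dir, "alias.log")
        os.link(protected, alias)
        try:
            overwrite_safely(alias, b"tampered")
            results["alias_write"] = "written"
        except UnsafeTargetError:
            results["alias_write"] = "refused"

        with open(protected, "rb") as f:
            results["protected_content"] = f.read()
    return results


if __name__ == "__main__":
    print(demo())
```

Running the script shows the plain scratch file being rewritten while the aliased one is refused, with the protected file's original bytes intact. The same idea applies to any service that writes into user-writable locations: inspect the opened handle, not the path, and never truncate before the inspection is done.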
Affected and fixed versions

Last version of the Windows Defender antimalware platform affected by this vulnerability: Version 4.18.2001.111 and earlier antimalware platform

First version of the Windows Defender antimalware platform with this vulnerability addressed: Version 4.18.2001.112 and earlier antimalware platform

Last version of the Windows Defender antimalware platform running on Windows 8.1 affected by this vulnerability: 4.10.x.x, 4.9.x.x, 4.8.0.0 – 4.8.10240.0, 4.7.x.x and below

First version of the Windows Defender antimalware platform running on Windows 8.1 with this vulnerability addressed: Version 4.8.10240.18543

Last version of the Windows Defender antimalware platform running on Windows 10 affected by this vulnerability: Version 4.8.10240.17394

First version of the Windows Defender antimalware platform running on Windows 10 with this vulnerability addressed: Version 4.8.10240.18964

Why is no action required to install this update?

In response to a constantly changing threat landscape, Microsoft frequently updates the Windows Defender antimalware platform in addition to signatures and the protection engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Windows Defender antimalware platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Windows Defender antimalware platform updates and malware definitions, is working as expected in their environment.

How often is the Windows Defender antimalware platform updated?

Microsoft typically releases an update for the Windows Defender
Acknowledgments: WongTing, Zhiniang Peng (https://twitter.com/edwardzpeng) of Qihoo 360 Core security and Fangming Gu (https://twitter.com/afang5472)