Unity has found a security vulnerability that has sat dormant for almost a decade: 'Take immediate action to protect your games & apps'
https://www.pcgamer.com/hardware/unity-has-found-a-security-vulnerability-that-has-sat-dormant-for-almost-a-decade-take-immediate-action-to-protect-your-games-and-apps/Open linkView original on lemmy.ca
A lot of older games are simply not going to be updated. Does this mean that presence of said (post Unity 2017) games means your system has a local escalation privilege vulnerability on a permanent basis (if the game is installed)?
If you're on Windows and use Windows Defender, you should be safe as it has been updated to detect and block the vulnerability.
I didn't know that Windows Defender essentially blocked the vulnerability.
I will also note that there can be situations when Windows Defender doesn't work.
I got hit by a WinRAR zero day exploit (the archive was supposed to be just images) that installed master Monero minor that disabled Windows Defender and blocked installation of other tools. I was able to clean my computer, but I only found through a non-english site (and I happen to speak that language so it was easier to validate that it was legit).
Well yeah it's a zero day, so not much an AV can do. I'm just quoting the article.
For sure, I missed that (and the fact Valve seems to be deploying protections as well).
The commentary about Windows Defender was just a random remark in passing. I wasn't expecting the WinRAR zero day to be addressed (it's a zero day after all), but the malware itself (the Monero miner) was around for a while (current version at the time was at least a year old) and WD had zero protections against its methods (that did not use the WinRAR zero day, that was the entry point).
That being said, I do think this more of an edge case. WD works pretty well in my experience (especially for non-power users).