Home United States USA — software Microsoft fixes 'crazy bad' Windows vulnerability

Microsoft fixes 'crazy bad' Windows vulnerability

263
0
SHARE

Over the weekend, two of Google’s Project Zero security researchers announced that they had discovered a
Over the weekend, two of Google’s Project Zero security researchers announced that they had discovered a “crazy bad” Windows exploit, describing it as the “worst in recent memory.”
Project Zero gives firms 90 days to fix such discoveries, but Microsoft swiftly jumped on this problem, and just two days later has come up with a fix.
The Project Zero team explains that the problem was found with Microsoft’s Malware Protection service, MsMpEng. Vulnerabilities in MsMpEng are among the most severe in Windows, due to the “privilege, accessibility, and ubiquity of the service.” The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary) , having them visit links in a web browser, or through instant messaging.
The Security Update for Microsoft Malware Protection Engine, detailed in Security Advisory 4022344, fixes the issue. Microsoft explains:
The fix, for Windows 7,8.1, RT and 10, is available now via Windows Update.
Image Credit: Agenturfotografin / Shutterstock

Continue reading...