Over the weekend, two of Google’s Project Zero security researchers announced that they had discovered a “crazy bad” Windows exploit, describing it as the “worst in recent memory.”
Project Zero gives firms 90 days to fix such discoveries, but Microsoft swiftly jumped on this problem, and just two days later has come up with a fix.
The Project Zero team explains that the problem was found with Microsoft’s Malware Protection service, MsMpEng. Vulnerabilities in MsMpEng are among the most severe in Windows, due to the “privilege, accessibility, and ubiquity of the service.” The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging.
The Security Update for Microsoft Malware Protection Engine, detailed in Security Advisory 4022344, fixes the issue. Microsoft explains:
The fix, for Windows 7, 8.1, RT and 10, is available now via Windows Update.