Microsoft makes emergency security fix

Becky · May 9, 2017

This weekend Microsoft was forced to fix a bug which could have allowed hackers to take control of a PC with a single email, whether or not it was opened. The flaw was in the anti-malware software itself (such as Windows Defender): once the software scanned the hostile email, the exploit would have been triggered. Windows 8, 8.1 and 10 were all affected, but the bug has now been fixed.

Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered.

On some computers, scans are set up to occur almost instantly - "real-time protection" - or to take place at a scheduled time.

"Anti-virus normally tries to intercept these things before you get to them," said cyber-security expert Graham Cluley.

He added it was "tremendous" that Microsoft had released the patch so quickly.

Read more at BBC News

Ian · May 9, 2017

Is this is bad as it sounds... as this seems like an incredibly bad exploit - one of the worst in recent years. The fact that even embedding the exploit in a webpage could trigger it is pretty bad :eek:

. At least it was discovered by researchers before it was exploited (from what we know, anyway).

Here's the CVE on Technet:
https://technet.microsoft.com/en-us/library/security/4022344.aspx

Microsoft patches critical flaw in Windows Defender	1	Apr 4, 2018
Kaspersky Labs: Warning over Russian anti-virus software	4	Dec 2, 2017
Security flaw found in Microsoft Word will be patched today	5	Apr 11, 2017
New ransomware attack hits Europe	3	Jun 28, 2017
UK National Cyber Security Centre officially opened	0	Feb 14, 2017
Google discloses Microsoft Edge security flaw before a patch is ready	2	Feb 19, 2018
Microsoft disables 'buggy' Intel patch	0	Jan 30, 2018
President of Microsoft calls for 'digital Geneva convention'	0	Feb 16, 2017

Microsoft makes emergency security fix

Becky

Webmistress

Ian

Ask a Question

Similar Threads