Microsoft makes emergency security fix


Becky

Webmistress
Joined
Mar 25, 2003
Messages
7,424
Reaction score
1,511
This weekend Microsoft was forced to fix a bug which could have allowed hackers to take control of a PC with a single email, whether or not it was opened. The flaw was in the anti-malware software itself (such as Windows Defender): once the software scanned the hostile email, the exploit would have been triggered. Windows 8, 8.1 and 10 were all affected, but the bug has now been fixed.

Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered.

On some computers, scans are set up to occur almost instantly - "real-time protection" - or to take place at a scheduled time.

"Anti-virus normally tries to intercept these things before you get to them," said cyber-security expert Graham Cluley.

He added it was "tremendous" that Microsoft had released the patch so quickly.


Read more at BBC News
 
Ad

Advertisements

Ian

Administrator
Joined
Feb 23, 2002
Messages
19,782
Reaction score
1,440
Is this is bad as it sounds... as this seems like an incredibly bad exploit - one of the worst in recent years. The fact that even embedding the exploit in a webpage could trigger it is pretty bad :eek:. At least it was discovered by researchers before it was exploited (from what we know, anyway).

Here's the CVE on Technet:
https://technet.microsoft.com/en-us/library/security/4022344.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top