Microsoft issues emergency security fix2017-05-09 15:05 by Daniela
Tags: Microsoft, security
Microsoft has released a patch for a severe zero-day vulnerability in the Microsoft Malware Protection Engine. The patch comes just three days after Google Project Zero vulnerability researchers Tavis Ormandy and Natalie Silvanovich reported the flaw to Microsoft.
The flaw affects a number of Microsoft products, including Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft Endpoint Protection, and Microsoft Forefront Endpoint Protection. These tools are enabled by default in Windows 8, 8.1, 10, and Windows Server 2012.
The vulnerability allows attackers to remotely execute code if the Microsoft Malware Protection Engine scans a specially crafted file. When successfully exploited, they have complete control to install or delete programs, steal information, create new accounts with full user rights, and download additional malware.
The patch will be pushed out automatically to users within 48 hours of release.
Read more -here-