Microsoft quickly fixes 'crazy bad' Windows bug

Microsoft quickly fixes 'crazy bad' Windows bug

Microsoft quickly fixes 'crazy bad' Windows bug

The flaw is inside Windows Defender. Microsoft has already released a patch for the problem.

Microsoft delivered the patch today, just three days after Google's Project Zero members Natalie Silvanovich and Tavis Ormandy informed Microsoft about a remotely exploitable flaw in the Microsoft Malware Protection Engine.

The latest issue is the most critical to date.

At the time, Ormandy only said the vulnerability was "the worst Windows remote code exec in recent memory" and that the issue was "wormable" and even a default installation could be exploited.

To bring the streamlined performance, simplicity and security of Windows 10 S to university students, Microsoft is expanding the Surface family of devices with Surface Laptop.

The exploit is incredibly easy to trigger: Anything that causes data to be written to a disk starts the Protection Engine's scan and could activate the code.

In trying to remove malware from the machine, Windows Defender could give it a foothold into the system.

Microsoft quickly fixes 'crazy bad' Windows bug

Anyone who uses Windows should update their PC right now.

The Project Zero team says the vulnerability can be leveraged against victims by only sending an email to users - without the need for the message to be opened or any attachments to be downloaded. Microsoft is planning to allow developers to add bots to the company's Bing search results to let you to chat with restaurants and other retailers.

"If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file scanned", Microsoft wrote in its advisory.

And as the MMPE software and associated processes run at the elevated LocalSystem privilege level, a successful attack could lead to full remote system compromise, Microsoft warned.

Microsoft is holding its cards close to its chest, and there could be big surprises we haven't anticipated regarding HoloLens, Windows Mobile, Windows Holographic, Xbox or even Clippy. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.

One reason that the bug is so risky is that it is triggered when software such as Windows Defender scans messages, and on many computers these applications are configured to scan messages automatically, without any user interaction. The engine is used by Windows Defender, the malware scanner preinstalled on Windows 7 and later, as well as by other Microsoft consumer and enterprise security products: Microsoft Security Essentials, Microsoft Forefront Endpoint Protection 2010, Microsoft Endpoint Protection, Microsoft Forefront Security for SharePoint Service Pack 3, Microsoft System Center Endpoint Protection and Windows Intune Endpoint Protection.

The vulnerable version of MMPE is 1.1.13701.0, and the first with the fix implemented is 1.1.13704.0.

Recommended News

  • Newell Brands Inc (NWL) Receives Buy Rating from Wells Fargo & Co

    The diversified consumer-products company said that revenue jumped 148% to $3.27 billion, beating expectations of $3.21 billion. Currently, the stock carries a price to earnings ratio of 0, a price to book ratio of 1.52, and a price to sales ratio of 6.03.

    "Edge Of Tomorrow" Sequel Gets Returning Cast Members And Redundant Title

    And again that's why I try to do things like " Invisible " that are just, the revolution's sort of built into the idea. When will Live Die Repeat and Repeat be released? Liman was asked about the state of the sequel for Edge of Tomorrow .
    Salman Khan's 'Tubelight' teaser is out and it's nothing less than extraordinary

    Salman Khan's 'Tubelight' teaser is out and it's nothing less than extraordinary

    Expectations are certainly high, considering their last outfit together, " Bajrangi Bhaijaan " hit the right chords. The teaser is every bit a Salman Khan fare, with his innocence and innocuous charm being utilised to the fullest.
  • Emergency declared at Hanford nuclear site in Washington state

    Emergency declared at Hanford nuclear site in Washington state

    Department of Energy said the collapse covered about 400 square feet (37.1 square meters) instead of the 16 square feet (1.4 square meters) first reported.
    50000 evacuated in German city after 5 WWII bombs uncovered

    50000 evacuated in German city after 5 WWII bombs uncovered

    On 9 October 1943, an especially deadly night, 1,245 people were killed and 250,000 left homeless by 261,000 bombs. The thousands of people being evacuated from the city will have the chance to attend events.
    Monaco Maintain Top Spot, PSG Put Five Past Bastia

    Monaco Maintain Top Spot, PSG Put Five Past Bastia

    However, the hosts took the throw quickly and Verratti smashed a shot into the net from the edge of the area, catching out Leca. Marseille have ended Nice's hopes of clinching the title, after they ran out 2-1 winners on Sunday evening.
  • Vokes double earns Burnley draw with West Brom

    Vokes double earns Burnley draw with West Brom

    A league-high 15 of West Brom's goals in the Premier League this season have come from corners (37%). Manager Sean Dyche says they can be proud of how far they've come for a club with their resources.

    Israel says Palestinian hunger strike leader ate in secret

    Fares says strike organizer and Palestinian uprising leader Marwan Barghouti remains in solidarity confinement. The hunger strike led by Palestinian freedom fighter Marwan Barghouthi began on April 17.
    Everest braces for record number of summit attempts

    Everest braces for record number of summit attempts

    Having been born in the mountains, Mr Sherchan was accustomed to the high altitudes and low oxygen levels of the Himalayas. The best month to climb Everest is May, when there usually are several periods of favorable weather on the summit.
  • Kehlani fans throw support behind singer after breakdown on stage

    Kehlani fans throw support behind singer after breakdown on stage

    I put that on everything... "We'll make this show happen again, but I need to go do something about this because I feel insane ". "I truly feel like I might have to go to the hospital at this point because I feel insane ", she said.

    Zuccarello leads Rangers to 4-1 win over Senators in Game 3

    Then, at 15:54, Lindberg floated a shot from the left wing that somehow eluded Anderson after a strong forecheck by Glass and J.T. Vesey pulled the Rangers in front 4-3 with his first career playoff goal when he pounced on a rebound of Brady Skjei's shot.
    Macron honors man killed by French far-right

    Macron honors man killed by French far-right

    She also claimed that his pro-business policies would not create jobs but send them overseas and leave French workers hungry. Macron made his remarks at a Paris rally on Monday ahead of the Sunday runoff between himself and populist Marine Le Pen .

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.