Microsoft just fixed a serious Windows Defender bug

  •   Ricky
  •   July 31, 2017
  •   197
  •   0
  • Photo Courtsey:
Loading...
Microsoft just fixed a serious Windows Defender bug

Theoretically, an attacker could take over your PC with an email you haven't even opened yet.

Over the weekend, Google Project Zeroresearchers Tavis Ormandy and Natalie Silvanovich tweeted about discovering "the worst Windows remote code exec in recent memory." According to Ormandy, it could work against a default installation and even become "wormable" -- able to replicate itself on a targeted machine and then spread to other computers automatically. Now we know more about what the problem is since, in just two days, Microsoft's Security Response Center and Windows Defender developerswere able to come up with a fix that is now available via Windows Update for Windows 7, 8.1, RT and 10 (according to Microsoft, the Control Flow Guardsecurity feature lowers the risk of this attack on 8.1 and 10), as well as other versions that IT professionals may be more familiar with.

As described by the Project Zero team, the problem resided in Microsoft's antimalware protection engine, which is supposed to scan files for issues, but could be tricked into executing code included in an email, on a webpage or in an instant message. Now that it's patched, your Windows computer should download the updated version automatically within the next day or two.

Theoretically, an attacker could take over your PC with an email you