Microsoft makes emergency security fix

Becky

This weekend Microsoft was forced to fix a bug which could have allowed hackers to take control of a PC with a single email, whether or not it was opened. The flaw was in the anti-malware software itself (such as Windows Defender): once the software scanned the hostile email, the exploit would have been triggered. Windows 8, 8.1 and 10 were all affected, but the bug has now been fixed.

Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered.

On some computers, scans are set up to occur almost instantly - "real-time protection" - or to take place at a scheduled time.

"Anti-virus normally tries to intercept these things before you get to them," said cyber-security expert Graham Cluley.

He added it was "tremendous" that Microsoft had released the patch so quickly.


Read more at BBC News
 
Is this as bad as it sounds... as this seems like an incredibly bad exploit - one of the worst in recent years. The fact that even embedding the exploit in a webpage could trigger it is pretty bad :eek:. At least it was discovered by researchers before it was exploited (from what we know, anyway).

Here's the CVE on Technet:
https://technet.microsoft.com/en-us/library/security/4022344.aspx
 