Microsoft has released an urgent update to stop hackers taking control of computers with a single email.
The surprising bug, in Microsoft against malware programming, for example, Windows Defender, could be misused the recipient even opening the message.
Researchers working for Google’s Project Zero cyber-security outfit discovered the flaw at the weekend.
The settle has been uniquely pushed out hours before the product giant’s week by week Tuesday security refresh.
Programmers could abuse the imperfection essentially by sending a infected email, text or getting the client to tap on a web program interface.
Windows 8, 8.1, 10 and Windows Server operating systems are affected by the bug.
- Hackers used Microsoft bug ‘for months’
- Microsoft patches serious Word bug
- Bad bug found in Microsoft browsers
Anti-virus software, for example, Windows Defender would just need to check the malicious substance for the exploit to be triggered.
On some computers, scans are set up to occur almost instantly – “real-time protection” – or to take place at a scheduled time.
“Anti-virus normally tries to intercept these things before you get to them,” said cyber-security expert Graham Cluley.
He added it was “tremendous” that Microsoft had released the patch so quickly.
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥
— Tavis Ormandy (@taviso) May 6, 2017
News of the bug broke over the weekend – and the problem was quickly patched
The bug was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich.
And Mr Ormandy later tweeted he had been “blown away” at the speedy response.
The vulnerability allows for remote code execution: “the thing all the malicious attackers are aiming for”, Mr Cluley told the BBC.
“It means they can install code on to your computer without your permission – it means they can hijack your computer.”
Mr Cluley did add, however, that he thought the Project Zero protocol for announcing the vulnerability had been risky, because it included information that malicious hackers might have found useful.
“That can help the bad guys,” he said.
Windows clients can watch that they are running the most recent Windows Defender version (1.1.13704.0), which should download automatically, to ensure they are not at risk – or hit the update button.
Reference : www.bbc.com