"The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file," Microsoft explains in its advisory notice. The flaw lets hackers booby-trap files with malicious code that is automatically executed when Microsoft's anti-malware software scans the data.
After the quick fix, Mr Ormandy responded by saying he was "blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos".
Last month Microsoft released the Creators Update for Windows 10, and although not all users have been offered the updated version of the OS on Windows Update, many installed it manually, so this month's Patch Tuesday will move their current PC build forward to 15063.296 from 15063.250.
"The core component of MsMpEng responsible for scanning and analysis is called mpengine." If you've tinkered with the settings to prevent these automatic updates, however, you should install this patch to make sure an attacker can't exploit this now-public vulnerability on your system. Tavis Ormandy said that he and Natalie Silvanovich had discovered "the worst Windows remote code exec in recent memory". The engine is used by Windows Defender, the malware scanner preinstalled on Windows 7 and later, as well as by other Microsoft consumer and enterprise security products: Microsoft Security Essentials, Microsoft Forefront Endpoint Protection 2010, Microsoft Endpoint Protection, Microsoft Forefront Security for SharePoint Service Pack 3, Microsoft System Center Endpoint Protection and Windows Intune Endpoint Protection.
The blockbuster update, which includes a brand-new version of Microsoft Paint, was gradually pushed out to users worldwide - a precautionary measure to ease the strain on Microsoft's servers. "This is as surprising as it sounds." Once those scans occur, the file then exploits this vulnerability to compromise and take over the targeted system.
Attackers can exploit this vulnerability through a number of avenues aside from email attachments, including links to sites hosting an exploit sent via email or any instant messenger.