Microsoft hurries to patch ‘worst’ Windows vulnerability

Microsoft has rushed out a self-installing patch for a zero-day vulnerability in a Windows security program that allows hackers to take over a computer just by sending an email. “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” reads the advisory about the patch Microsoft issued Monday. That means hackers can exploit the flaw simply by sending an email with a specially designed attachment. As soon as the malware engine scans the attachment, the code opens the vulnerability and the attacker can take control. Remote code execution bugs are considered the most severe kind of security vulnerability, and flaws in security software are often especially bad because of its trusted status on the machine. The Microsoft security advisory said there was no evidence the vulnerability— designated CVE-2017-0920 — “had been publicly used to attack customers” at the time of publication. The company added […]

The post Microsoft hurries to patch ‘worst’ Windows vulnerability appeared first on Cyberscoop.

Continue reading Microsoft hurries to patch ‘worst’ Windows vulnerability

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Microsoft released an emergency update for a zero-day vulnerability disclosed by Google in the Microsoft Malware Protection Engine bundled with most versions of Windows. Continue reading Emergency Update Patches Zero Day in Microsoft Malware Protection Engine