If you’re running a Windows system, make sure you run Windows Update pronto…
Google Project Zero researches Natalie Silvanovich and Tavis Ormandy have found a particularly insidious security flaw in virtually every iteration of Microsoft’s anti-malware software in Windows 8, 8.1, 10, and Server 2012, which allows a hacker to take over a vulnerable PC by sending a single email which doesn’t even need to be opened for the hack to activate. As soon as the anti-malware scanner inspects the virus “payload,” it executes the file, allowing it full access to the system where it can install spyware, steal files, deploy ransomware, or a multitude of other things.
Ormandy described the bug as “crazy bad” and the “worst in recent memory.” In a description, he wrote:
On workstations, attackers can access mpengine by sending emails to users (reading the email or opening attachments is not necessary), visiting links in a web browser, instant messaging and so on.
Vulnerabilities in MsMpEng are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service.
Matthew Hickley, co-founder of Hacker House said
The [proof-of-concept hack] demonstrates remote code execution capability in various scenarios: you could exploit a system by uploading a file to [a] web server or sending an email to a Microsoft desktop. The malware protection service is enabled by default in Windows 8 and up. It’s a very critical bug.
“It seems this malware protection service might be an Achilles heel in Microsoft security model and system owners should consider disabling it.” –Forbes
In response, Microsoft has rushed out a fix to all potentially affected machines, greatly impressing Ormandy.
Still blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos. Amazing.
— Tavis Ormandy (@taviso) May 9, 2017
In case you haven’t done so already, here’s the official patch:
If you enjoy the content at iBankCoin, please follow us on Twitter
Microsoft Windows is malware. Use Unix instead.