Microsoft Makes Emergency Security Fix

[LoadsaMoney]

Microsoft has released an urgent update to stop hackers taking control of computers with a single email.

The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message.

Researchers working for Google's Project Zero cyber-security outfit discovered the flaw at the weekend.

The fix has been specially pushed out hours before the software giant's weekly Tuesday security update.

Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link.

Windows 8, 8.1, 10 and Windows Server operating systems are affected by the bug.

http://www.bbc.co.uk/news/technology-39856391

 

[Deleted member 77746]

Makes me sad.

 

[nightmare99]

Discovered at the weekend patched by mid-week, seems ok.

 

[Orcvader]

Had a look and work, home desktop and SP4 already has the updated defender version.

Was the exploit something to do with defender's scanners? Are other real time scanners affected as well?

 

[jpaul]

Was the exploit something to do with defender's scanners? Are other real time scanners affected as well?

yes - that is the important, due-diligence, remark

Seems the bug was exclusive to the microsoft malware protection engine
but, unsurprising, other (my) antivirus eg avast have had code injection vulnerabilities fixed with less publicity,
as such BBC news articles are unecessarily dramatic without giving a balanced informed view (when does fake news begin?)
BBC also print text which seems to be plagiarized from likes of arstechnica
the reff'd arstechnica article
It might be time to stop using antivirus
seems pertinant, since the av's do provide a useful common attack point to target

(please can OC fix formatting bug in the new text editor - it has a mind of its own)