Microsoft Issues Emergency Security Update for Windows


It’s unusual for the company to release a patch so quickly.

Microsoft has released an emergency security update to patch a critical remote code execution vulnerability in its Windows operating system.

In a security advisory, Microsoft wrote, “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.”

The bug was discovered by two Google Project Zero security researchers, Tavis Ormandy and Natalie Silvanovich. Announcing the bug, Ormandy wrote on Twitter that they have “discovered the worst Windows remote code exec in recent memory. This is crazy bad.”

The vulnerability was discovered on May 5 and Microsoft has already released a patch, which shows the criticality of the bug. It’s quite unusual for Microsoft to respond so fast; at times, the company has failed to release a fix even after the 90-day grace period that Google gives to companies.

The details of the flaw have not been released yet, but researchers wrote that the flaw works on default Windows installations and the attack is “wormable,” which means it is self-propagating.
