Microsoft Issues Emergency Security Update for Windows


It’s unusual for the company to release a patch so quickly.

Microsoft has released an emergency security update to patch a critical remote code execution vulnerability in Microsoft’s Windows operating system.

In a security advisory, Microsoft wrote, “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.”

The bug was discovered by two Google Project Zero security researchers, Tavis Ormandy and Natalie Silvanovich. Announcing the bug, Ormandy wrote on Twitter that they have “discovered the worst Windows remote code exec in recent memory. This is crazy bad.”

The vulnerability was discovered on May 5 and Microsoft has already released a patch, which shows the criticality of the bug. It’s quite unusual for Microsoft to respond so fast; at times, the company failed to release a fix even after the 90-day grace period that Google gives to companies.

The details of the flaw have not been released yet, but researchers wrote that the flaw works on default Windows installations and the attack is “wormable,” which means it is self-propagating.

Microsoft Issues Emergency Security Update for Windows
comments powered by Disqus

SysAdmin Day 2017!

  • Happy SysAdmin Day 2017!

    Download a free gift to celebrate SysAdmin Day, a special day dedicated to system administrators around the world. The Linux Professional Institute (LPI) and Linux New Media are partnering to provide a free digital special edition for the tireless and dedicated professionals who keep the networks running: “10 Terrific Tools."

Special Edition


Subscribe to ADMIN Update for IT news and technical tips.

ADMIN Magazine on Twitter

Follow us on twitter