Windows has a critical wormable vulnerability

[German]It’s a bit cryptic, what Google security experts Natalie Silvanovich and Tavis Ormandy from project Zero just revealed. They claim, they has discovered the ‘worst Windows remote code exec in recent memory’. Update: Microsoft issued a fix for this vulnerability in Malware Protection Engine.


Advertising


Tavis Ormandy posted last Saturday a Tweet mention this security hole in standard Windows installs.

Currently no details about the affected Windows component are released. Tavis wrote, that attacker don’t need to be in the same network of the victim (so I guess remote access via Internet will be possible). The exploit works on standard Windows – no further software are required. The attack is wormable (can self-replicate). Let’s hope, Microsoft releases a fix tomorrow (May 9, 2017) on patchday. (via)

Microsoft has issued a fix for this vulnerability in Malware Protection Engine. Further details may be found within my blog post Microsoft fixes critical Malware Protection Engine vulnerability.


Advertising


This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *