The Windows vulnerability revealed yesterday by two Google Zero Project members has been patched by Microsoft. The vulnerability resided in Microsoft’s Malware Protection Engine.
Yesterday we reported how two Google Zero Project members tweeted that they had found ‘the worst Windows remote code exec in recent memory’. Microsoft was fast in following up, and last night the software giant released a security advisory and patch for the issue.
The Google employees called the vulnerability ‘the worst in recent memory’ because it was found in Microsoft’s Malware Protection Engine, software used as the foundation for several security applications in Windows, including Windows Defender.
The software has access to all files and processes on a Windows system, and through the vulnerability unauthorized code could be executed without the user even opening a malicious file. To exploit the vulnerability, a specially crafted file would need to be scanned by Microsoft’s Malware Protection Engine.
And because Microsoft’s malware protection automatically scans all files on the HDD, even temporary files, receiving a mail or visiting a website was sufficient to become infected. The Google Zero Project members were therefore very worried about the vulnerability, because it could be exploited remotely and an exploit could be distributed very easily.
Microsoft Security Essentials, Windows Defender on Windows 7, Windows 8/Windows 8.1, Windows RT and Windows 10 are all vulnerable.
The update that fixes the vulnerability will be installed automatically within 48 hours through the built-in mechanism that Microsoft’s Malware Protection Engine uses to detect and deploy its own updates.