{"id":317814,"date":"2017-05-10T06:15:51","date_gmt":"2017-05-10T06:15:51","guid":{"rendered":"http:\/\/citifmonline.com\/?p=317814"},"modified":"2017-05-10T06:15:51","modified_gmt":"2017-05-10T06:15:51","slug":"microsoft-makes-emergency-security-fix","status":"publish","type":"post","link":"https:\/\/citifmonline.com\/2017\/05\/microsoft-makes-emergency-security-fix\/","title":{"rendered":"Microsoft makes emergency security fix"},"content":{"rendered":"
Microsoft has released an urgent update to stop hackers taking control of computers with a single email.<\/p>\n
The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message.<\/p>\n
Researchers working for Google’s Project Zero cyber-security outfit discovered the flaw at the weekend.<\/p>\n
The fix has been specially pushed out hours before the software giant’s weekly Tuesday security update.<\/p>\n
Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link.<\/p>\n
Windows 8, 8.1, 10 and Windows Server operating systems are affected by the bug.<\/p>\n
Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered.<\/p>\n
On some computers, scans are set up to occur almost instantly – “real-time protection” – or to take place at a scheduled time.<\/p>\n
“Anti-virus normally tries to intercept these things before you get to them,” said cyber-security expert Graham Cluley.<\/p>\n
He added it was “tremendous” that Microsoft had released the patch so quickly.<\/p>\n
<\/p>\n
The bug was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich.<\/p>\n
And Mr Ormandy later tweeted he had been “blown away” at the speedy response.<\/p>\n
The vulnerability allows for remote code execution: “the thing all the malicious attackers are aiming for”, Mr Cluley told the BBC.<\/p>\n
“It means they can install code on to your computer without your permission – it means they can hijack your computer.”<\/p>\n
Mr Cluley did add, however, that he thought the Project Zero protocol for announcing the vulnerability had been risky, because it included information that malicious hackers might have found useful.<\/p>\n
“That can help the bad guys,” he said.<\/p>\n
Windows users can check that they are running the latest Windows Defender version (1.1.13704.0), which should download automatically, to make sure they are not at risk – or hit the update button.<\/p>\n
–<\/p>\n
Source: BBC<\/p>\n","protected":false},"excerpt":{"rendered":"
Microsoft has released an urgent update to stop hackers taking control of computers with a single email. The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message. Researchers working for Google’s Project Zero cyber-security outfit discovered the flaw at the weekend. The fix has […]<\/p>\n","protected":false},"author":14,"featured_media":284877,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[106],"tags":[6959,6960,284],"yoast_head":"\n