James Delahunty
10 May 2017 12:20
Microsoft has quickly patched an unmasked security vulnerability in its software that potentially allowed attackers to hijack a PC.
The remarkable thing about this particular flaw is its association with Microsoft's anti-malware tool, Windows Defender. An attacker could target a victim with a malicious e-mail, an instant message or a crafted link.
According to reports, the victim wouldn't even have had to open an e-mail as the exploit would be triggered once the anti-malware tool scanned it.
The bug in question affected Windows 8, 8.1 and Windows 10, and was patched by an out-of-cycle update released by Microsoft in advance of the so-called "Patch Tuesday" round-up.
Researchers at Google's ProjectZero discovered the flaw at the weekend and expressed delight at Microsoft's speedy response.
Still blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos. Amazing.
-- Tavis Ormandy (@taviso) 9 May 2017