Tavis and Natalie, Google Project Zero researchers, found out a major fault in all current Windows system. This is called Microsoft Malware Protection Engine through which anyone can get full remote control of your PC by just sending a single email. Even if you don’t read that email, access to your laptop would not be limited to you anymore. On the weekend Tavis Ormandy and Natalie Silvanovich spoke about this major loophole on twitter. The tweet caused panic in the users and Microsoft took immediate action. On Tuesday Microsoft came up with an emergency update that would fix this huge error.
Also read: New Surface Laptop by Microsoft
After the mistake was rectified, Micosoft exposed information on how this malware could have affected the users. The company informed that an attacker could add a particularly crafted file in a place that is scanned by the Microsoft Malware Protection Engine or he could use an email to send a crafted file to the victim. If the mistake would not have been made right in time, then a single unopened email could have compromised system of any user.
Just released malware protection engine update to
address RCE vuln – Defender will autoupdate. https://t.co/rzn5QWo6sV
— Security Response (@msftsecresponse) May 9, 2017
Image via: Windows IT Pro