Microsoft fixes remote hacking flaw in Windows Malware Protection Engine
Microsoft has released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.
The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.
Ormandy announced Saturday on Twitter that he and his colleague found a “crazy bad” vulnerability in Windows and described it as “the worst Windows remote code execution in recent memory.”