Microsoft Patches ‘Crazy Bad’ Zero Day in Operating System
Microsoft released an emergency patch to address a bug Google Project Zero security experts found over the weekend.
Microsoft issued a security advisory Monday, which should roll out automatically over the next 48 hours across Microsoft systems.
On Twitter, Project Zero researchers said they found a bug in Windows products that would allow someone to take control of the system, calling it “crazy bad” and “wormable.”
The flaw allows attackers to take control of a system if Microsoft Malware Protection Engine—used by other Microsoft security products—scans a special file sent through email, instant messaging or a malicious site, ZDNet reported.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Microsoft advisory said.
The Project Zero team said malware using the vulnerability could replicate itself and spread to other systems. Microsoft said there have been no reported exploits in the wild, according to ZDNet.
May 9, 2017
Link to report
location of breach
location of perpetrators
date breach occurred
date breach detected
May 06, 2017