recommended reading

Threatwatch

Microsoft Patches ‘Crazy Bad’ Zero Day in Operating System

Software vulnerability

Microsoft released an emergency patch to address a bug Google Project Zero security experts found over the weekend.

Microsoft issued a security advisory Monday, which should roll out automatically over the next 48 hours across Microsoft systems.

On Twitter, Project Zero researchers said they found a bug in Windows products that would allow someone to take control of the system, calling it “crazy bad” and “wormable.”

The flaw allows attackers to take control of a system if Microsoft Malware Protection Engine—used by other Microsoft security products—scans a special file sent through email, instant messaging or a malicious site, ZDNet reported.  

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Microsoft advisory said.

The Project Zero team said malware using the vulnerability could replicate itself and spread to other systems. Microsoft said there have been no reported exploits in the wild, according to ZDNet.

sector

Technology

reported

May 9, 2017

reported by

ZDNet

number affected

Unknown

location of breach

Unknown

perpetrators

Researchers

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

May 06, 2017