Microsoft Patches ‘Crazy Bad’ Zero Day in Operating System

Microsoft released an emergency patch to address a bug Google Project Zero security experts found over the weekend.

Microsoft issued a security advisory Monday, which should roll out automatically over the next 48 hours across Microsoft systems.

On Twitter, Project Zero researchers said they found a bug in Windows products that would allow someone to take control of the system, calling it “crazy bad” and “wormable.”

The flaw allows attackers to take control of a system if Microsoft Malware Protection Engine—used by other Microsoft security products—scans a special file sent through email, instant messaging or a malicious site, ZDNet reported.  

“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” the Microsoft advisory said.

The Project Zero team said malware using the vulnerability could replicate itself and spread to other systems. Microsoft said there have been no reported exploits in the wild, according to ZDNet.