Photo by RawPixel.com / Shutterstock.com
Here are five things you should know about the bug:
How was it discovered?
Two researchers — Tavis Ormandy and Natalie Silvanovich — with Google Project Zero found what Ormandy characterizes as a “crazy bad” Microsoft Windows security bug, CNN Tech reports. The bug appears in anti-virus scanners such as Windows Defender and Microsoft Security Essentials on some Windows machines. They reported it to Microsoft over the weekend. Ormandy called the security flaw “crazy bad” on Twitter. Project Zero’s goal is to find serious security issues in services around the web, says CNN.
Who could be affected?
The security vulnerability can be found on Windows 7, 8.1, RT and Windows 10, “meaning just about everyone running Windows is vulnerable,” the Associated Press reports.
Why is the bug so bad?
The security flaw allows scammers to remotely execute code on the breached system and “hijack an entire system,” explains CNET. “With such power, [scammers] have complete control to install or delete programs, steal information, create new accounts with full user rights and download additional malware,” warns CNET. The bug can also replicate itself and worm into other users’ systems.
What is being done to combat the bug?
Microsoft rushed to fix the flaw after it was discovered. It says the fix should be applied automatically. Or, you can manually trigger a Windows Update to install the patch now, says the AP. “Still blown away at how quickly @msftsecurity responded to protect users, can’t give enough kudos.” Google’s Ormandy tweeted on Monday. “Amazing.”
What should you do if you think you may be affected?
According to Microsoft: “Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.” For information on how to manually update the MMPE and malware definitions, Microsoft recommends checking out Microsoft Knowledge Base Article 2510781.
What do you think about the latest discovered security bug? Sound off below or on Facebook.