Wednesday, 10 May 2017

Emergency patch released for critical security hole in Microsoft’s malware scanner


You know a security hole is serious if Microsoft issues a patch for it just hours before the company is scheduled to release its regular bundle of Patch Tuesday updates.

Microsoft has issued an update for the Microsoft Malware Protection Engine, addressing a security vulnerability that could allow remote code execution if one of Microsoft’s anti-virus products scans a boobytrapped file. As Microsoft warns in its advisory, an attacker could exploit the vulnerability to seize control of a victim’s PC.

In short, running Microsoft’s anti-virus software would have protected against a raft of malware, but it may also have made your computer more vulnerable.