By ,
Published May 22, 2017
Consumer Reports has no relationship with any advertisers on this website.
A few days after security researchers discovered a massive flaw in Microsoft's malware protection engine Windows Defender, which is used in almost every recent version of Windows, the company has issued a fix that it believes will keep attackers out. Users should make sure they have the update installed on their machines (instructions below).
Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich discovered the potential mode of attack, or exploit. Dubbed CVE-2017-0290, it lets an attacker remotely access any system without any interaction from the user, according to a report in Ars Technica.
All the hacker has to do is send an email or instant message that is scanned by Windows Defender—you don't have to open it or click anything. Anything else that's scanned automatically by Windows Defender—like a website—could also be used by attackers.
Ormandy said on Friday that the bug could be "the worst Windows remote code exec in recent memory. This is crazy bad."
Copyright © 2005-2017 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.
https://www.foxnews.com/tech/is-your-pc-safe-from-a-massive-windows-defender-flaw