Microsoft quietly patched a critical vulnerability Wednesday in its Malware Protection Engine. The vulnerability was found May 12 by Google’s Project Zero team, which said an attacker could have crafted an executable that when processed by the Malware Protection Engine’s emulator could enable remote code execution.
Unlike a May 9 emergency patch for what Google researchers called the worst Windows vulnerability in recent memory, this week’s bug was a silent fix, said Project Zero researcher Tavis Ormandy, who privately disclosed it to Microsoft. The previous zero day (CVE-2017-0290) was also in the Microsoft Malware Protection Engine, running in most of Microsoft’s antimalware offerings bundled with Windows.
Full Article.
Take a look at the best antivirus, anti-malware, anti-spy, etc. software
Powered by WPeMatico