I get the feeling this is additional to the 9 May update that Nick_ADSL has posted about, as in his summary I don't see it mentioned. I assume that was all packaged up and ready to go.
As I don't use Defender I have nothing to check, and don't think my auto-update has kicked in anyway. However does it imply any AV-product could trigger it?
Microsoft has released an urgent update to stop hackers taking control of computers with a single email.
The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message.
Researchers working for Google's Project Zero cyber-security outfit discovered the flaw at the weekend.
The fix has been specially pushed out hours before the software giant's weekly Tuesday security update.
Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link.
Windows 8, 8.1, 10 and Windows Server operating systems are affected by the bug.
Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered.
On some computers, scans are set up to occur almost instantly - "real-time protection" - or to take place at a scheduled time.
Windows users can check that they are running the latest Windows Defender version (1.1.13704.0), which should download automatically, to make sure they are not at risk - or hit the update button. Link.
My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - AAISP Home::1 80/20. Sync 63086/13719Kbps @ 600m. BQMs - IPv4 & IPv6
Edited by RobertoS (Tue 09-May-17 23:42:57)
|
More information is in Microsoft Security Advisory 4022344.
The most likely scenario is that, if you are using an affected Microsoft security product, you should automatically pick up the fixed Microsoft Malware Protection Engine within 48 hours of its release, assuming you are using an Internet-connected system. This Engine is updated frequently and on a much faster release cycle than the monthly cumulative patches for Windows.
|
As Microsoft say "no action is necessary" as a result of this advisory for the majority of users. Admins who apply updates via a local server may need to take some action, but they should know what they are doing.
==================================
Sovereignty really does mean sovereignty
|
So glad I do not use windows own security system.
Adrian
Desktop machine now powered by windows 8.1 pro 64bit, no dreaded metro, laptop by Linux
Plusnet FTTC
|
Thanks for the link David.
48 hours is a long time once hackers know there is such a vulnerability however. That is why manual updating is suggested.
There is also the possibility that some proprietary IS systems are vulnerable to similar exploits, and not all end users are meticulous in applying updates. I expect most readers here are.
|
That is why manual updating is suggested.
It's not suggested by Microsoft.
|
Re: Windows users can check that they are running the latest Windows Defender version (1.1.13704.0), which should download automatically, to make sure they are not at risk - or hit the update button.
Mine has been updated to this version automatically.
|
I don't run it. There are loads of bits of it visible via File Explorer but I can't find an exe to try to establish its version, and last night couldn't be bothered to enable it in Services to find out or force it. Pointless except for interest.
It will no doubt be updated soon on my main laptop, and Kaspersky and Norton some time today if not already. On the other laptop within minutes of turning on, whenever that is.
Edited by RobertoS (Wed 10-May-17 09:30:27)
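Added example, not part of any post in this thread: a PowerShell check of the Malware Protection Engine version against the 1.1.13704.0 release quoted above, which also reports the case where Defender is switched off or cannot be queried. `Test-MpEngineFixed` is a hypothetical helper name, and the block assumes the Defender PowerShell module (`Get-MpComputerStatus`) is present on the machine.

```powershell
# Fixed engine version as quoted in this thread.
$FixedEngine = [version]'1.1.13704.0'

# Hypothetical helper (not Microsoft's code): classify the local engine state.
function Test-MpEngineFixed {
    param([version]$Minimum = $FixedEngine)

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    }
    catch {
        # The query can fail when the Defender service is disabled or absent.
        return [pscustomobject]@{
            State         = 'Unknown'
            EngineVersion = $null
            Detail        = "Defender query failed: $($_.Exception.Message)"
        }
    }

    $engine = $null
    $parsed = [version]::TryParse([string]$status.AMEngineVersion, [ref]$engine)

    if (-not $status.AMServiceEnabled) {
        $state  = 'NotRunning'
        $detail = 'Defender service is not enabled on this machine.'
    }
    elseif (-not $parsed) {
        $state  = 'Unknown'
        $detail = "Unrecognised engine version '$($status.AMEngineVersion)'."
    }
    elseif ($engine -ge $Minimum) {
        $state  = 'Fixed'
        $detail = "Engine $engine is at or above $Minimum."
    }
    else {
        $state  = 'Outdated'
        $detail = "Engine $engine is below $Minimum; update definitions."
    }

    [pscustomobject]@{ State = $state; EngineVersion = $engine; Detail = $detail }
}

Test-MpEngineFixed | Format-List
```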
|
To be fair, most AV software has had issues, and it's choosing the best of a bad bunch at times. I've used a few over the years and had issues with them flagging boot files as a false positive, causing the PC to not boot as it deleted the file, and one even had a false positive which made it think the AV program itself was a virus.
|
Don't most email clients (certainly the likes of Outlook web) block any executable code by default on incoming mail?
Still quite concerning, as most viruses need some kind of user interaction/stupidity to execute, whether it be visiting a dodgy site, clicking a dodgy link in an email etc.