Redmond Corporation Microsoft has released a new security patch for Windows operating systems that reportedly fixes a major vulnerability in Windows that was discovered only days ago. According to reports, the software giant had already issued a security advisory that impacts the operating system.
Security Advisory warning for CVE2017-0290 was issued due to an execution flaw that severely impacts the Windows Operating system as reported by ZDNet. The new lapse in the security of the operating system was disclosed by two Google Project Zero security experts Natalie Silvanovich and Tavis Ormandy who has even described it on his twitter feed.
The vulnerability was discovered in the Microsoft Malware Protection Engine (MsMpEng) that's used by onboard security essentials like the Windows Defender and other security products. Mr. Ormandy has termed the issue 'crazy bad' claiming it to be the worst remote code execution flaw in recent times.
A separate report from PCWorld explains how hackers could take control of desktops. Apparently, the vulnerability allows hackers to take remote control of LocalSystem accounts and then hijack the entire system itself. Reports mentioned that Microsoft products will issue a patch in the next 48 hours to vendors automatically.
The vulnerability on the Microsoft Windows operating system can be triggered by remotely executing the code which is then scanned by MsMpEng as a "specially crafted" file. Microsoft issued a statement stating that those users without real-time scanning on the systems are partially safe until further scan because the hacker would then have to wait in order to exploit the system.
Travis Ormandy also said vulnerabilities in Microsoft Malware Protection engine are the most severe in Windows to its privileges and accessibility features in the operating system.Microsoft rarely issues real-time updates since their regular scheduled update is every second Tuesday of a month. The two researchers praised Microsoft for quickly reacting and in turn fixing the issue through an update.