Microsoft has issued an emergency fix for a 'crazy bad' security flaw in some versions of Windows.
(CCM) — Microsoft has rushed out an urgent fix for a security bug which has been described as "the worst… in recent memory," according to a BBC report. Hackers can exploit the bug by sending an infected email or instant message, which would result in their gaining control of the machine even without the recipient opening the message.
The security flaw was found by researchers working for Google's Project Zero team in Microsoft anti-malware software, such as Windows Defender. It affects systems running Microsoft's Windows 8, Windows 8.1, Windows 10, and Windows Server operating systems. Well-known security researcher Tavis Ormandy broke the news of the bug by tweeting: "I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad."
One reason that the bug is so dangerous is that it is triggered when software such as Windows Defender scans messages. On many computers these applications are configured to scan messages automatically, without any user interaction.
Users of the affected operating systems are recommended to check that they are running the latest version of Windows Defender, version 1.1.13704.0. If the software has not updated automatically, then an update can be started by clicking on the "Update" button.
Image: © StockStudio - Shutterstock.com