Nov 21, 2024 | Updated: 11:35 AM EDT

Microsoft Security Update: New Security Flaw Gives Attackers Unwarranted Access To Windows OS; Patch Released

May 14, 2017 06:50 PM EDT

Microsoft has rolled out a new patch to address a security issue that deals with a zero-day flaw affecting the Windows operating system. The vulnerability was forced brought out in the open by Google Project Zero security experts Natalie Silvanovich and Tavis Omandy.

A new security advisory was released by Microsoft for CVE-2017-0290, a remote execution flaw affecting the Windows operating system, ZDNet reports. The said vulnerability was discovered by Omandy, a zero-day flaw tied up to the Microsoft Malware Protection engine used by security products such as Windows Defender. The bug is seen as one of the worst Windows remote execution bugs with details held off for now until the Redmond company is able to come up with a fix.

The Microsoft patch should have arrived for Windows OS users by now, something channeled via the built-in deployment system and scanner engine found in Microsoft products. In all, the threat involves allowing attackers access to intrude the LocalSystem account and give them the ability to hijack the entire system.

This would include giving hackers the ability to delete programs and steal precious information while reprogramming user rights. In all, the breach could be catastrophic and can be done either through email without a user opening it according to the Project Zero Team.

Omandy calls the zero-day threat as wormable – meaning it can create havoc beyond default systems. A potential target of the threat could be the MsMpEng, something behind the accessibility and privilege services. So far there has been no word of exploits tied up to the security breach.

The whole row has brought administrators to their feet though the workload is really from Microsoft. The update via Microsoft’s internal systems will do most of the work, hopefully patching up the exploit. For those who haven’t gotten the update, there is a manual update available for a quicker fix.

Real Time Analytics