It’s like Pepsi declaring that Coke just won a taste test: Google Project Zero security researchers discovered a security hole in Microsoft’s Malware Protection Engine, and two days later the Microsoft Security Response Center not only fixed the bug but also rolled out the update through the usual Windows Defender update mechanism.
The bug in the main Windows Defender program was described in Security Advisory 4022344. Chances are good your Windows computer got the fix last night.
Google Project Zero security researchers Tavis Ormandy and Natalie Silvanovich are credited with discovering the vulnerability. Ormandy tweeted that the security hole was “the worst Windows remote code exec in recent memory… crazy bad.”
To read this article in full or to leave a comment, please click here