Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made.

The mystery Windows zero day (CVE-2017-0290) was in the Microsoft Malware Protection Engine running in most of Microsoft’s antimalware offerings bundled with Windows. The engine, known as MsMpEng, is over-privileged and un-sandboxed, according to Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich…



Source: Threatpost

          microsoft windows logo with a bandage' logo with a bandage