Massive MS security hole now patched

We are supposed to feel good that the code that was supposed to defend every PC running Windows (7, 8, 8.1, 10, and Server 2016) has been patched? I wonder if the CIA etc. have been exploiting this and the only reason it was finally patched was because it was finally discovered?

A massive and rather embarrassing remote code execution vulnerability has been discovered in Microsoft’s MsMpEng, the malware protection engine used by Windows Defender, Microsoft Security Essentials, Microsoft Forefront, and Microsoft Endpoint in almost every recent version of Windows (7, 8, 8.1, 10, and Server 2016). Notably, Windows Defender is installed by default on all consumer-oriented Windows PCs.

The exploit (officially dubbed CVE-2017-0290) allows for a remote attacker to take over a system without any interaction from the system owner: it’s simply enough for the attacker to send an e-mail or instant message that is scanned by Windows Defender. Likewise, anything else that is automatically scanned by Microsoft’s malware protection engine—websites, file shares—could be used as an attack vector.

Because MsMpEng runs at the highest privilege level and is so ubiquitous across Windows PCs, this vulnerability is about as bad as it gets. Fortunately, the security researchers who discovered it—Natalie Silvanovich and Tavis Ormandy of Google Project Zero—reported it responsibly, and last night Microsoft released a patch. MsMpEng automatically updates every 48 hours, so disaster has probably been averted. The security bulletin notes that Microsoft hadn’t seen any public exploitation of the vulnerability.
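The article says MsMpEng updates itself roughly every 48 hours, but the practical question for an administrator is whether a given machine has actually picked up the fixed engine. The following PowerShell check is an added example, not code from the article or from Microsoft. It assumes the fixed engine version published in Microsoft Security Advisory 4022344 for CVE-2017-0290 (1.1.10701.0), and that the local engine version can be read either from the Defender cmdlets (Windows 10 / Server 2016) or, on older systems running Microsoft Security Essentials, from the antimalware registry key; both locations are assumptions stated in the comments.

```powershell
# Added example: check whether the local Malware Protection Engine (MsMpEng)
# is at or above the version Microsoft's advisory 4022344 lists as fixing
# CVE-2017-0290. Not part of the article; version number taken from the advisory.
$fixedEngine = [version]'1.1.10701.0'

function Get-LocalEngineVersion {
    # Preferred path: the Defender module (Windows 10 / Server 2016).
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        return [version](Get-MpComputerStatus).AMEngineVersion
    }
    # Fallback (assumption): registry keys used by Windows Defender and by
    # Microsoft Security Essentials on Windows 7 / 8.1 to record the engine version.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates',
        'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    )
    foreach ($k in $keys) {
        $v = (Get-ItemProperty -Path $k -Name EngineVersion -ErrorAction SilentlyContinue).EngineVersion
        if ($v) { return [version]$v }
    }
    throw 'Could not determine the Malware Protection Engine version on this host.'
}

$engine = Get-LocalEngineVersion
if ($engine -ge $fixedEngine) {
    Write-Output "Engine $engine is at or above $fixedEngine: CVE-2017-0290 fix is present."
} else {
    # Force an engine/definition update rather than waiting for the 48-hour cycle.
    Write-Warning "Engine $engine is below $fixedEngine: still vulnerable."
    if (Get-Command Update-MpSignature -ErrorAction SilentlyContinue) { Update-MpSignature }
}
```

Run it in an elevated PowerShell session; on a fleet, the version comparison is the value worth collecting, since a host whose engine update is stalled (offline, proxy-blocked, or with updates disabled) will stay exposed regardless of the update cadence the article describes.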


We are supposed to be happy that a security hole that goes back to Windows 7 is now closed? Simply sending an email would be enough to gain access to any Windows computer?

Bet this makes any company running Windows feel relieved, although anyone could have accessed any of their Windows computers at any time over the last 6 years.

Image: royalty free