Microsoft has rolled out an emergency update for machines running Windows 7, 8.1, RT and 10 to patch a nasty bug that was uncovered by Google Project Zero researchers Natalie Silvanovich and Tavis Ormandy over the weekend.
According to the Project Zero team, the bug, which is present in the Windows Defender anti-malware software (ironic, right?), could be exploited to execute malicious code included in an email, web page or instant message, and has the potential to become “wormable.”
Attack works against a default install, don't need to be on the same LAN, and it's wormable. 🔥
— Tavis Ormandy (@taviso) May 6, 2017
A patch was issued within 48-hours
The folks over at Microsoft’s Security Response Center issued a patch within 48-hours — and installing it couldn’t be easier. All you have to do is open up Windows Update, then hit the Update button next to Windows Defender (1.1.13704.0).
Good work, Microsoft!