The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Microsoft Letting the World in for a Bit

12 May 2017 | Updated 01 January 1970
 

We've been on to Microsoft to ask about security flaws as it emerged in-house hackers proved bad arse hackers could have taken over any (Microsoft) computer in the world with a single email.

Microsoft employs and rewards hackers who find flaws in the organisations systems (deployed in the majority of computers worldwide). Two hackers found a flaw that could allow genuine bad guy hackers to submit a simple email that did not need to be opened in order to takeover any computer of their choice.

The in-house hackers were amazed at even their paymaster's speed of response - the loophole being fixed an notified within minutes.

"Customers were protected by an update released on Monday, May 8 and more information is available in our security advisory," - a Microsoft spokesperson told ThisWeekinFM. "We are releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.

"The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file (that dodgy email mentioned above). An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

"The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software and that clients consume the updates accordingly.

"Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration."

 

Version 1.1.13704.0

If your version of the Microsoft Malware Protection Engine is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action.

Picture: Microsoft have responded to a security flaw

Article written by Brian Shillibeer | Published 12 May 2017

Share



Related Articles

On Trend - Can Hackers Turn The Heat Off?

Ken Munro of Pan Test Partners has written a blog - the original of which and more pictures can be accessed if you Click Here  Munro says he has found...

 Read Full Article
Top 10 IT Security Predictions for 2018

As the headline implies...in fact, blatantly states, we have the top ten IT security predictions - courtesy of Ian Kilpatrick.   1. Security blossoms in the...

 Read Full Article
Andromeda Strained - International Cyber Op Dismantles Botnet

On November 29, the Federal Bureau of Investigation, in close cooperation with the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s...

 Read Full Article
Action Fraud Helpline Goes Live For Live Cyber Attacks

Action Fraud, the national fraud and cyber crime reporting centre, has launched a 24/7 live cyber-attack helpline. During its pilot since October 2016, Action...

 Read Full Article
NHS Seeks Friendly Fire Power In Cyber War

NHS Digital has announced (Nov 28) a £20m project to boost its ability to support the NHS with its data security - including making funds available to encourage...

 Read Full Article
Uber And The Cyber Nightmare Ride

In an unprecedented move, the National Cyber Security Centre has commented specifically on the Uber data breach - with a coded reference to the fact that Uber tried to...

 Read Full Article
If Dolly Can Be Hacked, What About The Hand Dryer?

  Connected toys with Bluetooth, wi-fi and mobile apps may seem like the perfect gift for Christmas. But Which? has found that, without appropriate safety...

 Read Full Article
Yahoo Cyber Breach Was Bigger

Yahoo has announced (week ending Oct 6) that it is providing notice to additional user accounts affected by an August 2013 data theft previously disclosed by the company...

 Read Full Article
FTSE 350 - General Data Protection Awareness Good

The Government will soon be introducing its new Data Protection Bill to Parliament. With this almost certain to come into effect next May, implementing the General Data...

 Read Full Article
FTSE 350 Cyber Governance Health Check

Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new Government research and a ‘cyber health...

 Read Full Article