The Leading News & Information Service For The Facilities, Workplace & Built Environment Community
We've been on to Microsoft to ask about security flaws as it emerged in-house hackers proved bad arse hackers could have taken over any (Microsoft) computer in the world with a single email.
Microsoft employs and rewards hackers who find flaws in the organisations systems (deployed in the majority of computers worldwide). Two hackers found a flaw that could allow genuine bad guy hackers to submit a simple email that did not need to be opened in order to takeover any computer of their choice.
The in-house hackers were amazed at even their paymaster's speed of response - the loophole being fixed an notified within minutes.
"Customers were protected by an update released on Monday, May 8 and more information is available in our security advisory," - a Microsoft spokesperson told ThisWeekinFM. "We are releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.
"The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file (that dodgy email mentioned above). An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
"The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software and that clients consume the updates accordingly.
"Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration."
Version 1.1.13704.0
If your version of the Microsoft Malware Protection Engine is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action.
Picture: Microsoft have responded to a security flaw
Article written by Brian Shillibeer | Published 12 May 2017
Microsoft’s global survey of hybrid working habits has revealed several insights into the way employees view their workplaces and what motivates them to work in the...
Read Full ArticleIn one of the largest Direct Air Capture deals ever signed, Microsoft has embarked on a ten-year agreement with Climeworks to remove all of its historic CO₂ emissions...
Read Full ArticleBentley Systems and Microsoft are to collaborate to accelerate smart city urban planning and smart construction. This alliance will combine Microsoft’s Azure IoT...
Read Full ArticleA range of organisations have been recognised for leading the way on positive change at the Disability-Smart 2019 Awards - and the secret is out, MI5 was amongst the...
Read Full ArticleThe IWFM has begun a research and development collaboration with Microsoft to explore a shared vision for the role of technology in high performing workplaces. A new...
Read Full ArticleMicrosoft’s new German headquarters incorporates enormous panels to resemble gigantic windows opening onto the surrounding landscape, says Andreas Frisch. Opened...
Read Full Article.gif)
.gif)
.gif)
.png)
.png)
.png)
.jpg)
.jpg)
