Microsoft has released a security patch to fix a flaw in its Windows Malware Protection Engine that, if left untreated, can exploit a memory corruption error in the malware scanning tool and hack your system.
The bug in Malware Protection Engine was discovered by the UK's National Cyber Security Centre. The vulnerability (CVE-2017-11937) can affect systems running Windows 7, 8.1, 10 and Server 2016.
A similar flaw was found by Tavis Ormandy, security researcher for Google's Project Zero, in June this year.
"According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats," The registrar reported.
In many systems, this happens automatically for all new files.
Microsoft recommends all uses to immediately install the new security patch.
"There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user," the company said in its advisory FAQ.
An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened.
"In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server," Microsoft noted.
Mahadev betting scam: Actress Tamannaah Bhatia summoned by Maha Police
Bollywood actress Tamannaah Bhatia has been summoned by the Maharashtra Cyber Police for the ongoing investigations into the multi-crore Mahadev online gambling and betting scam, officials here said on Thursday.
Salman house firing case: Mumbai cops fish out arms, ammunition from River Tapi in Surat
In a big breakthrough, the Mumbai Police have recovered some arms and ammunition that were reportedly used in the firing at the house of Bollywood megastar Salman Khan on April 14, official sources said on Tuesday.
NCP manifesto: Caste-based census, MSP for farmers
The Nationalist Congress Party (NCP), which is now an ally of the NDA and the ruling partner in the MahaYuti government in Maharashtra, has demanded the caste-based census and Minimum Support Price for farmers.
Uddhav Thackeray skips INDIA bloc's rally in Ranchi, sends representative
Shiv Sena (UBT) President and former chief minister Uddhav Thackeray skipped the INDIA bloc rally scheduled in Ranchi this evening, an aide said here on Sunday.
Congress, INDIA bloc against development & farmers: PM Modi says in Maharashtra
Criticising the Congress and the INDIA bloc, Prime Minister Narendra Modi on Friday said that the unwavering faith of the people in 'Modi's Guarantee' is giving sleepless nights to the Opposition alliance leaders.
Bitcoin scam case: ED attaches assets worth over Rs 97 cr of Raj Kundra, Shilpa Shetty
The attached properties include a residential flat in Juhu, which is in the name of Shilpa Shetty, another residential bungalow in Pune and equity shares in Raj Kundra's name.
Congress in Tripura blocks rail stations to protest police fired-killing of 5 farmers in MP
The firing on Tuesday came during raucous protests to demand better crop prices in the drought-ravaged region that saw one farmer suicide every five hours in the past two years.
DMs, SPs of violence-hit MP districts transferred
The farmers agitation entered its eighth day on Thursday. The peasants have been on strike since June 1, demanding loan waiver and fair price for their produce.