Microsoft Windows can be hacked with a single unread email: Google

Microsoft has issued a fix after it was discovered by Google researchers

Tech Desk May 10, 2017
the microsoft logo is seen on an electronic billboard on an office building in new york city july 28 2015 photo reuters
The Microsoft logo is seen on an electronic billboard on an office building in New York City, July 28, 2015. PHOTO: REUTERS
Google Project Zero researchers Tavis and Natalie have stumped on what they call a “crazy bad” loophole in Microsoft’s built-in Windows anti-malware software.

Over the weekend, Ormandy and Silvanovich announced their discovery on Twitter causing fears that users were susceptible to attacks over email.

I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 

— Tavis Ormandy (@taviso) May 6, 2017

It is a particular cause for concern as it can compromise your system without the user even opening or reading the full email.

Microsoft was made aware of the issue and finally on Tuesday it responded with a fix for the flaw with a critical update which patches the loophole.

Microsoft launches stunning new Surface laptop

After issuing the fix, the company has revealed details of how users were susceptible to attacks by the malware. “There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user," read a post on Microsoft’s Security TechCenter.

Further, the company stated, "An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

Hackers exploited Word flaw for months while Microsoft investigated

You can take a look at the list of affected applications here:

PHOTO: MICROSOFT

The fix will reach users over the course of the next two days. Till then you can read Microsoft's detailed post addressing the problem here.

This article originally appeared on The Next Web

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ

Join Us

TRIBUNE VIDEOS

112 K

Ebrahim Raisi's Three-Day Visit Aims to Deepen Iran-Pakistan Partnership

Pakistan By-Election 2024 Results: Who Triumphed?

President of Iran Ebrahim Raisi Arrives in Pakistan | 23 April Holiday in Karachi | Pakistan News

Supreme Leader Khamenei Asserts Iran's Military Might Against Israel |Latest News

US Speaker Mike Johnson Defiant as Aid Package Passes Amid Threats |Latest News

Susan Sarandon Joins Anti-Israel Protest at Columbia University }Latest News

Erdogan Hosts Hamas Chief Amid Gaza Conflict |Latest News

US House Passes $95 Billion Aid Package for Ukraine and Israel | Latest News

Imran Khan Urges Judiciary's Action Against Constitutional Subversion |Pakistan News |Latest News

Israeli Protests Escalate: Demands for Netanyahu's Ouster Grow |Latest News

Recommended Stories

India's Flipkart raises $1.4 billion from Tencent, eBay, Microsoft

From bricks to bytes: the impressive growth of e-commerce in Pakistan

Microsoft unveils Windows 10 S for its Surface laptops

Latest

Travis Kelce’s ex Kayla Nicole responds to backlash from Swifties: “Leave me alone”

Child vlogger Muhammad Shiraz receives YouTube gold play button for surpassing 1 million subscribers

Zendaya is tired of being asked about kissing “Challengers” co-stars

Bellingham brings Madrid to brink of title with Clasico winner

Man Utd 'got away with it' in FA Cup semi-final, admits Ten Hag

As actors, we say whatever is written: Faysal Quraishi responds to legal notice over 'Zulm'

T.Edit

Skincare 101

Style 101

India's Modi says BJP poll manifesto focuses on creating jobs

On Express Urdu

The Express

اے آئی ٹیکنالوجی نے مونا لیزا کو گلوکارہ بنا دیا

The Express

پلاسٹک انڈسٹری، فضائی صنعت سے زیادہ بدتر ہے، تحقیق

The Express

بھنورے پانی میں ایک ہفتے تک زندہ رہ سکتے ہیں، تحقیق

The Express

کُتا دُم کیوں ہلاتا ہے؟ سائنسدانوں کے نزدیک اب بھی ایک معمہ

The Express

سائنس دانوں کی سائبورگ کاکروچ کی آزمائش

The Express

نظامِ شمسی میں موجود پوشیدہ سیارے کے متعلق مزید شواہد دریافت

Most Read

RAW goes rogue, globally

CJ summons JCP meeting for appointment process

Geographical indication stressed for Sindhri mango

US-China competition and South Asia

PTI, doctors at odds over Bushra Bibi’s medical reports

Public holiday announced in Karachi on Tuesday

Opinion

US sanctions on Pakistan’s missile programme: scope and severity

America’s Asia excludes Pakistan

Masquerade of individualistic effort

Iran-Israel tussle: first phase over?

US-China competition and South Asia

Bucha massacre: a reminder of UN failure

FOLLOW US

This material may not be published, broadcast, rewritten, redistributed or derived from. Unless otherwise stated, all content is copyrighted © 2024 The Express Tribune.

  • express-pk
  • express e-paper
  • Cricket Pakistan
  • Food Tribune
  • Campus Guru
  • Express Entertainment
  • express-pk
  • express e-paper
  • Cricket Pakistan
  • Food Tribune
  • Campus Guru
  • Express Entertainment