Microsoft has issued a special patch to address a “crazy bad” Windows Defender exploit first reported by Google’s Project Zero over the weekend. Tavis Ormandy and Natalie Silvanovich, two Project Zero researchers, reported the security hole on Twitter.
They found a flaw in Windows Defender that’d leave people open to remote attacks. Microsoft’s Malware Protection Engine was home to the exploit and attackers could “execute arbitrary code” to “take control of the system.”
An attack could occur via email, even if an email wasn’t entirely opened.
The patch is now available from Windows Update and it’ll reach systems automatically within a couple days.
Google found the flawed Malware Protection Service is turned on by default in Windows 8, 8.1, 10, Server 2012, and some other OS versions.