Microsoft has issued a patch to fix a major bug. According to security experts, the bug is considered “crazy bad” and may be amongst the worst flaws in recent history.
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥
— Tavis Ormandy (@taviso) May 6, 2017
The patch fixes a bug in Microsoft’s anti-virus scanner which could allow hackers remotely control Windows computers. According to ZDNet, the vulnerability could allow hackers to install or delete programs, steal sensitive information, create new accounts with full user rights, and download additional malware.
To make matters even worse, it doesn’t even require users to open or download any attachments. Instead, the vulnerability is triggered by sending an email, through malicious website visits, or instant messaging.
Microsoft is rolling the patch out automatically over the 48 hours, but users can manually download it if they do not want to wait.