Critical Security Alert for all Windows versions

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

gea

Well-Known Member
Dec 31, 2010
3,141
1,184
113
DE
There is a bug in Windows Defender that allows an attacker to take ownership of a Windows system by simply reading an email or visit a website without any further action.

Microsoft Security Advisory 4022344
1252 - MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more. - project-zero - Monorail

The german IT related newspaper c't called it dramatically with an emergency alert
Dramatische Sicherheitslücke in Virenschutz-Software von Windows geschlossen
 

cheezehead

Active Member
Sep 23, 2012
723
175
43
Midwest, US
There's been a published fix out for a few days, if your pulling in updates for SCEP/Defender daily you should be fine. If there's corporate install delays or the organization doesn't patch automatically there would be an issue.