Earlier today we reported that Google Project Zero researchers found a ‘crazy bad’ Windows flaw. Microsoft apparantly took it very serious, as it likely was one of the biggest exploits ever. Right now they are patching Windows. The flaw is inside Windows Defender.

Microsoft's speed in issuing an automatic patch is impressive for a change. The vulnerability in Windows that could allow people to run malicious  unauthorized code. The vulnerability located in the malware protection software of Windows, Defender. The vulnerability was discovered by two Google Project Zero employees. They called the vulnerability the worst in a long time, because the vunerability was in the Microsoft's Malware Protection Engine, the software used as the basis for various Windows security programs, including Windows Defender.

Tavis Ormandy, one of the Google Project Zero researchers who discovered the flaw, warned exploits were "wormable," meaning they could lead to a self-replicating chain of attacks that moved from vulnerable machine to vulnerable machine.

Windows Defender has far-reaching access to the files and processes on your computer. Unauthorized code could be executed via the vulnerability, without the user even having to open say an infected email attachment. Microsoft's malware protection automatically scans all files on the hard disk, including temporary files, which means that receiving an email or viewing a web page would already be enough to infect a computer.

Therefore, Google's security staff were concerned about vulnerability because they could be remotely run and also very easily distributed. This Vulnerability is located in Windows 7, 8, 8.1, RT, 10, and in various business versions of the operating system. The update that Microsoft has released today corrects the issue and will be automatically installed by all users of the affected versions within two days.

Microsoft Patches the "Crazy Bad" Windows Vulnerability