Skip to content Skip to footer

Microsoft updates its Security Essentials to fix DDOS vulnerability

Microsoft has just released an update to its Microsoft Security Essentials anti-malware software (Engine 1.1.10701.0) The update will fix a vulnerability which was detected by Google Engineer Tavis Ormandy which works at Google Project Zero, the vulnerability would prevent the Microsoft Malware Protection Engine from monitoring your system if it scanned a specially crafted file on your computer, leaving your system vulnerable to any attack from potential attackers

The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.

There is no action required to update Microsoft Security Essentials as it updates automatically in the upcoming 48 hours. Don’t forget to check out our list of alternatives to Microsoft Security Essentials