MICROSOFT HAS PATCHED a vulnerability in its anti-malware engine, over seven months after it was reported.
The Redmond firm released an advisory today that talks of a "specially crafted file" that could cause a denial of service. The file would prevent the user's anti-malware software from working unless manually removed.
While it's not explicitly malicious in itself, if used it could leave the user's machine open to non-detection of less benign files such as Trojans.
The bug affects almost all iterations of Microsoft's anti-malware software, from Windows Defender, which is built into most versions of Windows, to enterprise-level services such as Endpoint. Also affected is Microsoft's free anti-virus product, Microsoft Security Essentials.
Microsoft said that no one has exploited the vulnerability and that the update will in most cases roll out silently and automatically, but recommended that users and administrators check to ensure that the patch is installed.
It is not expected that Windows XP users will get another reprieve in the form of another special patch. Just weeks after the 13-year-old PC operating system reached end of life in April, Microsoft surprised the world by releasing a patch for a zero-day vulnerability in Internet Explorer that also covered Windows XP. This was, however, a one-off, the company said.