Security researchers discover serious Windows bug, Microsoft pushes update

11 May 2017

Windows users are being urged to update their PCs immediately following the discovery of a serious flaw over the weekend.

The flaw in the popular operating system was discovered by researchers working on Google's Project Zero cyber-security operation.

The bug could allow hackers to take control of any PC by simply sending an infected email, instant message or by getting the user to click on a link in their web browser.

Google vulnerability researcher, Tavis Ormandy, who discovered the bug, said in a tweet "This is crazy bad."

The problem was so serious as to cause Microsoft to immediately push out a major security update which was available to all users now.

Following the quick fix Ormandy tweeted he was ''blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos. Amazing.''

People using Windows 8, 8.1, 10 and Windows Server operating systems were vulnerable to the bug and needed to check for the security update.

Windows users could check that their Windows Defender version was the latest (1.1.13704.0), which should download automatically, to ensure they were not at risk - or hit the update button.

The bug was present in the Microsoft Malware Protection Engine, an anti-virus scanner on some Windows machines that regularly looked for suspicious code in the computer's network.

To exploit the flaw, an attacker needed to write a special piece of code to trigger remote execution due to an error in how the engine read the code. The remote execution could be triggered by something as simple as sending an email.

Consumers who used the anti-virus product were automatically protected if they had Windows Update turned on.

Meanwhile, Microsoft said updates will automatically be applied within 48 hours.