Google Project Zero continues to scrape away at the ubiquitous Microsoft Malware Protection Engine at the core of many security products embedded in Windows, and it continues to discover new critical vulnerabilities.
The latest, another remote code execution flaw, was patched on Friday after it was privately disclosed June 7 by researcher Tavis Ormandy.
The vulnerability was found in the same full system, unsandboxed x86 system emulator that Microsoft quietly patch in late May. This is the third critical vulnerability in MsMpEng that Ormandy has had a hand in disclosing and patching since early May.
Leave a reply