Microsoft has released an urgent update to stop hackers from taking control of computers with a single email.
The unusual bug, in Microsoft anti-malware software such as Windows Defender, could be exploited without the recipient even opening the message, BBC reported.
Researchers working for Google’s Project Zero cyber-security outfit discovered the flaw. The emergency security fix was made just hours before the software giant’s monthly security update on Tuesday.
Hackers could exploit the flaw simply by sending an infected email, instant message or getting the user to click on a web browser link.
Windows 8, 8.1, 10 and Windows Server operating systems are affected by the bug.
Anti-virus software such as Windows Defender would merely have to scan the malicious content for the exploit to be triggered. On some computers, scans are set up to occur almost instantly - “real-time protection” - or to take place at a scheduled time.
“Anti-virus normally tries to intercept these things before you get to them,” said cyber-security expert Graham Cluley.
The vulnerability allows for remote code execution which means the attackers can install code on to your computer without your permission in other words they can hijack your computer.
Windows users can check that they are running the latest Windows Defender engine version (1.1.13704.0), which should download automatically, to make sure they are not at risk - or hit the update button.
