— Tavis Ormandy (@taviso) May 6, 2017 Microsoft Security Advisory 4022344 says:

Check for Updates

Two days after getting the news of the exploit Microsoft’s Security Response Center and Windows Defender developers deployed a fix that is now available via Windows Update. The versions of Windows affected by this bug are Windows 7, 8.1, RT, and Windows 10. It also affects other anti-malware software typically used by IT departments like Microsoft Forefront Security for SharePoint Service Pack 3, Windows Intune Endpoint Protection, and others. According to the advisory, you should get the update automatically in the background within the next 48 hours, but if you want to stay on top of things head to Settings > Update & security and check for update.

To make sure you have the latest update, head to Settings > Windows Defender and scroll down to the Version info section and make sure your Engine version is 1.1.13704.0 or higher.

Project Zero researchers find security issues and report them to Microsoft to repair within 90 days before Google goes public with detailed information. Ormandy didn’t reveal any specifics of the exploit yet and details about the issue are scarce. Still, it’s good to see Microsoft was able to patch the problem in such a short period of time. Update: Google has released the vulnerability report on the Project Zero website. Comment

Δ