Microsoft reportedly aims to make Windows 10 PCs into smart home hubs

Posted May 10, 2017

The Redmond company has been praised for the speed at which it released the patch.

The most important technology show on Microsoft's calendar - the Build developer expo - comes to Seattle this week, drawing an expected 5,500 technologists to the city.

The Project Zero page showed that Ormandy and Silvanovich reported the Windows flaw to Microsoft on May 5th, the day Ormandy teased the issue on Twitter.

An attacker could exploit this flaw by having the malware protection engine scan a specially crafted file, which could be delivered by email, a website, or instant message.


There's the potential for a worm to be developed from the initial infection, as the target PC could distribute the attack around its network.

Beyond features like this welcome screen and shared desktops, which The Verge says should be coming as part of a Windows 10 update in September, HomeHub will also offer features similar to the new Echo View. In order to make them invest in Windows Store, Microsoft might use the event as an opportunity to announce new UWP features, tools and incentives, and to bring more attention to its stagnant product.

Silvanovich and Ormandy found that an email sent to take complete remote control over a PC did not even require the recipient to open it. Ormandy described the flaw as "the worst [of its kind] in recent memory" and "crazy bad".

Microsoft has confirmed the existence of the problem and has developed a patch that closes the hole. The company added that it hadn't seen any public exploitation of the vulnerability.


"To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine", Microsoft warned. "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system".

Microsoft is holding its cards close to its chest, and there could be big surprises we haven't anticipated regarding HoloLens, Windows Mobile, Windows Holographic, Xbox or even Clippy. Chrome users may need to restart the browser to install or automatically download the latest version.

Ormandy today said he was "blown away" by the speed of Microsoft's patch, but he had less praise for the way Microsoft designed its malware scanning engine. The engine is used by Windows Defender, the malware scanner preinstalled on Windows 7 and later, as well as by other Microsoft consumer and enterprise security products: Microsoft Security Essentials, Microsoft Forefront Endpoint Protection 2010, Microsoft Endpoint Protection, Microsoft Forefront Security for SharePoint Service Pack 3, Microsoft System Center Endpoint Protection and Windows Intune Endpoint Protection.

To make sure your PC has been patched and isn't at risk, head to "Windows Defender settings" and make sure the engine number is 1.1.13704.0 or higher.
