Fortunately, these vulnerabilities were discovered by the UK National Cyber Security Center. Because so many operating systems and products are affected, the scale of attack and infection would have been hard to estimate had attackers found them first.
Two remote code execution vulnerabilities:
If you do not use other anti-virus software, the Windows Defender anti-virus software that comes with the system automatically protects the device. For example, when a user downloads a new file, the software automatically scans it for threats. The vulnerabilities exploit this automatic detection and scanning by Windows Defender.
An attacker can craft a specific file to exploit the vulnerability in Windows Defender; when the software scans the specially crafted file, memory corruption can result. The malicious code contained in these specially crafted files can then execute arbitrary code on the local system and create accounts with elevated rights, until the attacker completely takes over the system.
Microsoft immediately released an emergency security update to fix them:
After receiving the vulnerability report, Microsoft immediately confirmed the problem and issued an emergency security update to fix it, because so many Microsoft products are affected. All branches of Windows 10, including version 1507, which has stopped receiving updates, and all versions of Windows 8 are affected.
At the same time, systems such as Windows 7 SP1 (versions earlier than SP1 are no longer supported and therefore get no patch) and the Windows Server 2016 server system, as well as Exchange Server 2013/2016, are also affected.
Also affected are Microsoft Endpoint Protection, Microsoft Forefront Endpoint Protection, Microsoft Security Essentials, and Microsoft Intune Endpoint.
In its security bulletin, Microsoft rated the above vulnerability as emergency level, so users of these products should go to system update immediately and install the patch.