Microsoft has released a security patch to fix a bug in its Windows malware protection engine that, if left untreated, could trigger a memory corruption bug in the malware scanning tool and hack your system.

The bug in the malware protection engine was discovered by the UK’s National Cyber ​​Security Center. Weaknesses (CVE-2017-11937) can affect systems running Windows 7, 8.1, 10 and Server 2016.

In June of this year, Google’s Project Zero security researcher Tavis Armandi found a similar flaw.

“According to Microsoft, vulnerabilities can be triggered when the malware protection engine scans a downloaded file for threats,” the registrar reported.

On most systems, this happens automatically for all new files.

Microsoft recommends all uses to install new security patches immediately

“There are many ways an attacker can place a specially created file in a location that is scanned by the Microsoft Malware Protection Engine. The company said in its advisory FAQ.

An attacker can deliver a specially created file via an email message or an instant messenger message that is scanned when the file is opened.

“Also, an attacker can take advantage of websites that accept or host user-provided content, upload a specially created file to a shared location that is scanned by the malware protection engine running on the hosting server,” Microsoft noted.