Microsoft fixes the vulnerability in the Microsoft Malware Protection Engine (CVE-2017-0290) discovered just three days by Google experts. The vulnerability affects the MsMpEng service, which runs unsandboxed with SYSTEM privileges and is accessible without authentication via Windows services such as Exchange and IIS. Google Project Zero researchers said the vulnerability can be exploited via email opening the malicious email is not necessary for exploitation or by getting the targeted user to access a specially crafted link.”]