Security software is meant to protect us from the malicious viruses dreamt up by cyber criminals.
But in an ironic turn of events, a flaw in Microsoft’s anti-malware software could actually be responsible for triggering the viruses it is meant to detect.
Researchers at Google’s Project Zero discovered the exploit, which could leave millions of PC users across the globe vulnerable to remote attack.
Project Zero was set up to find previously undiscovered flaws, known in security circles as ‘zero-day’ vulnerabilities.
Researchers Tavis Ormandy and Natalie Silvanovich discovered one such flaw in Windows Defender, which comes pre-installed on Windows 8, 8.1 and 10, and Server 2016.
It allows hackers to infect a PC by sending malicious code in an email, instant message or link to a website.
But unlike many viruses, users do not have to execute the code manually, for example by double-clicking on an infected file.
Instead, processes designed to protect the system from infection are responsible for triggering one.
When Windows Defender scans the incoming data, which most systems are set up to do automatically, the exploit is launched.