Windows 10 News and info | Forum
Topic: Microsoft’s Malware Protection Engine needs an emergency patch
javajolt
« on: December 08, 2017, 06:37:44 PM »

One of the most dangerous things an app can do is process random files that could be from anywhere, but that is exactly what an antivirus app needs to do, and sometimes when you stare into the abyss, the abyss stares back at you.

Such was the case just recently when Microsoft discovered that a specially crafted file could cause a memory corruption error when it is scanned by its Malware Protection Engine, used in both the consumer and enterprise versions of its Windows Defender app. The malware was then able to execute code with LocalSystem privileges, which is pretty close to full admin.

Because files can be delivered in numerous ways to a PC, and they all have to be scanned by Defender, the vulnerability is very serious.

“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user,” Microsoft explains.

“An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

Microsoft says the flaw (dubbed CVE-2017-11937) is, however, not being exploited in the wild, and it is pushing out a hotfix which should be automatically fetched and applied to Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016, which all use the Malware Protection Engine.

You can read more about the vulnerability at Microsoft here.

« Last Edit: December 09, 2017, 04:23:10 AM by javajolt »


