Endpoint Security

Microsoft Patches Critical Vulnerability in Malware Protection Engine

Microsoft this week released an update for the Microsoft Malware Protection Engine (MPE) to address a critical-severity remote code execution (RCE) vulnerability in the engine.

The flaw could lead to memory corruption and allow an attacker to execute arbitrary code to take control over a vulnerable machine. Discovered by UK’s National Cyber Security Centre (NCSC), the bug is tracked as CVE-2017-11937.

Because code can be executed in the security context of the LocalSystem account, the attacker could take control of the system and install programs; view, change, or delete data; or create new accounts with full user rights.

Exploitation is possible if a specially crafted file is scanned by an affected version of the Microsoft Malware Protection Engine (the last vulnerable version is 1.1.14306.0).

There are multiple ways an attacker could deliver a file that triggers the bug, Microsoft says: luring the victim to a website that hosts the specially crafted file, sending it via email or instant messaging, uploading it to a site that accepts or hosts user-provided content, or placing it in a shared location. In each case the attacker only needs the file to reach a location the engine scans; no user interaction with the file itself is required.

“If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited,” Microsoft explained.

The software giant also notes that all systems running an affected version of antimalware software are primarily at risk.

The company has issued an update to correct the manner in which the Microsoft Malware Protection Engine scans specially crafted files.

The update will be delivered automatically to the affected systems and no action is required of enterprise administrators or end users. The update should reach all impacted software within 48 hours of release.

Impacted applications include Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 (Gold, 1511, 1607, 1703 and 1709), Windows Server 2016 and Windows Server version 1709, as well as Microsoft Exchange Server 2013 and 2016, Microsoft Security Essentials, and Windows Intune Endpoint Protection.

Microsoft Malware Protection Engine version 1.1.14405.2 resolves the vulnerability.
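Because the engine updates silently and out of band from Windows Update, the practical check for an administrator is the engine version actually installed on each host. The following PowerShell script is an added example, not code from the article or from Microsoft: it reads the installed engine version and compares it with the first fixed build (1.1.14405.2). The registry paths used as a fallback for hosts without the Defender PowerShell module, and the MpCmdRun.exe location, are assumptions about where those products record and update the engine.

```powershell
# Added example (not from the SecurityWeek article or Microsoft's advisory):
# report the installed Microsoft Malware Protection Engine version on this host
# and compare it with the first build that fixes CVE-2017-11937.
$FixedEngine          = [version]'1.1.14405.2'   # first fixed build, per the advisory
$LastVulnerableEngine = [version]'1.1.14306.0'   # last vulnerable build, per the advisory

function Get-MpEngineVersion {
    # Windows 8.1 / Windows 10 / Windows Server 2016 ship the Defender module,
    # whose AMEngineVersion property is the engine version string.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        return [version](Get-MpComputerStatus).AMEngineVersion
    }

    # Fallback for hosts without the module (e.g. Security Essentials on Windows 7).
    # Assumption: these are the registry keys where Defender and Microsoft
    # Antimalware record the currently loaded engine version.
    $candidateKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates',
        'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    )
    foreach ($key in $candidateKeys) {
        $value = (Get-ItemProperty -Path $key -Name EngineVersion -ErrorAction SilentlyContinue).EngineVersion
        if ($value) { return [version]$value }
    }
    throw 'Could not determine the Malware Protection Engine version on this host.'
}

$engine = Get-MpEngineVersion

if ($engine -ge $FixedEngine) {
    "Engine $engine is at or above $FixedEngine: CVE-2017-11937 is fixed on $env:COMPUTERNAME."
}
else {
    "Engine $engine is below $FixedEngine on $env:COMPUTERNAME: treat as exposed " +
    "(last build Microsoft lists as vulnerable: $LastVulnerableEngine)."

    # Pull the engine/definition update now instead of waiting for the 48-hour rollout.
    # Assumption: MpCmdRun.exe is in the Windows Defender program folder on this host;
    # Security Essentials installs it under 'Microsoft Security Client' instead.
    $mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    if (Test-Path $mpCmdRun) {
        & $mpCmdRun -SignatureUpdate
    }
}
```

Run it with administrator rights on a single machine, or wrap the body in `Invoke-Command -ComputerName` to sweep a fleet; any host that still reports a build below 1.1.14405.2 after the 48-hour window is one where the automatic engine update did not land and should be investigated rather than assumed patched.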

Related: Microsoft Patches 17 Year-Old Vulnerability in Office

Related: Microsoft Patches Office Zero-Day Used to Deliver Malware

Related: Microsoft Patches Zero-Day, Many Other Flaws

Written By

Ionut Arghire is an international correspondent for SecurityWeek.