Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Denial of Service Bug Could Cripple Microsoft Malware Protection Engine

Microsoft Releases Security Advisory for Microsoft Malware Protection Engine

Microsoft Releases Security Advisory for Microsoft Malware Protection Engine

Microsoft released a security advisory on Tuesday to warn customers of a vulnerability (CVE-2014-2779) in the Microsoft Malware Protection Engine that could cause a denial of service condition if the engine scans a “specially crafted file”.

If successfully exploited, the vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted, Microsoft said.

There are several ways an attacker could place a maliciously crafted file in a location scanned by the Microsoft Malware Protection Engine in order to exploit the vulnerability and crash a system or halt malware protection scanning.

“For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user,” Microsoft explained. “An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

The vulnerability could also cause an application to close or quit unexpectedly without automatically recovering, and exploitation of the vulnerability could occur when the system is scanned using an affected version of Microsoft’s Malicious Software Removal Tool (MSRT).

The Microsoft Malware Protection Engine (mpengine.dll) ships with several Microsoft antimalware products and provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.

Microsoft has provided updates for the following affected software:

Advertisement. Scroll to continue reading.

• Microsoft Forefront Client Security

• Microsoft Forefront Endpoint Protection 2010

• Microsoft Forefront Security for SharePoint Service Pack 3

• Microsoft System Center 2012 Endpoint Protection

• Microsoft System Center 2012 Endpoint Protection Service Pack 1

• Microsoft Malicious Software Removal Tool (Applies only to May 2014 or earlier versions)

• Microsoft Security Essentials

• Microsoft Security Essentials Prerelease

• Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2

• Windows Defender for Windows RT and Windows RT 8.1

• Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

• Windows Defender Offline

• Windows Intune Endpoint Protection

For the most part, no action is required of enterprise administrators or end users to install the update, but Microsoft suggested that administrators of enterprise installations follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.

According to Microsoft, the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release, with the exact time frame depending on the software used, Internet connection, and infrastructure configuration.

Tavis Ormandy of Google Project Zero reported the bug to Microsoft, and it is not believed that the vulnerability has been exploited in the wild.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Data privacy startup Mine has appointed Avi Israel, Jessica Stanford, Michael Trites, Dikla Yuval, and Roee Silberman to executive positions.

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

More People On The Move

Expert Insights