Security Experts:

Connect with us

Hi, what are you looking for?



Denial of Service Bug Could Cripple Microsoft Malware Protection Engine

Microsoft Releases Security Advisory for Microsoft Malware Protection Engine

Microsoft Releases Security Advisory for Microsoft Malware Protection Engine

Microsoft released a security advisory on Tuesday to warn customers of a vulnerability (CVE-2014-2779) in the Microsoft Malware Protection Engine that could cause a denial of service condition if the engine scans a “specially crafted file”.

If successfully exploited, the vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted, Microsoft said.

There are several ways an attacker could place a maliciously crafted file in a location scanned by the Microsoft Malware Protection Engine in order to exploit the vulnerability and crash a system or halt malware protection scanning.

“For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user,” Microsoft explained. “An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

The vulnerability could also cause an application to close or quit unexpectedly without automatically recovering, and exploitation of the vulnerability could occur when the system is scanned using an affected version of Microsoft’s Malicious Software Removal Tool (MSRT).

The Microsoft Malware Protection Engine (mpengine.dll) ships with several Microsoft antimalware products and provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.

Microsoft has provided updates for the following affected software:

• Microsoft Forefront Client Security

• Microsoft Forefront Endpoint Protection 2010

• Microsoft Forefront Security for SharePoint Service Pack 3

• Microsoft System Center 2012 Endpoint Protection

• Microsoft System Center 2012 Endpoint Protection Service Pack 1

• Microsoft Malicious Software Removal Tool (Applies only to May 2014 or earlier versions)

• Microsoft Security Essentials

• Microsoft Security Essentials Prerelease

• Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2

• Windows Defender for Windows RT and Windows RT 8.1

• Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

• Windows Defender Offline

• Windows Intune Endpoint Protection

For the most part, no action is required of enterprise administrators or end users to install the update, but Microsoft suggested that administrators of enterprise installations follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.

According to Microsoft, the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release, with the exact time frame depending on the software used, Internet connection, and infrastructure configuration.

Tavis Ormandy of Google Project Zero reported the bug to Microsoft, and it is not believed that the vulnerability has been exploited in the wild.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.