Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Microsoft Patches Critical Vulnerability in Malware Protection Engine

Microsoft this week released an update for the Microsoft Malware Protection Engine (MPE) to address a critical severity remote code execution (RCE) vulnerability in it.

Microsoft this week released an update for the Microsoft Malware Protection Engine (MPE) to address a critical severity remote code execution (RCE) vulnerability in it.

The flaw could lead to memory corruption and allow an attacker to execute arbitrary code to take control over a vulnerable machine. Discovered by UK’s National Cyber Security Centre (NCSC), the bug is tracked as CVE-2017-11937.

Because code can be executed in the security context of the LocalSystem account, the attacker could take control of the system and install programs; view, change, or delete data; or create new accounts with full user rights.

Exploitation is possible if a specially crafted file is scanned by an affected version of the Microsoft Malware Protection Engine (the last vulnerable version is 1.1.14306.0).

There are multiple ways an actor could launch an attack leveraging the bug, Microsoft says. An attacker could lure the victim to a website containing the specially crafted file, or they could send the malicious file via email or instant messaging. They could also load the file to a site that accepts or hosts user-provided content, in a shared location.

“If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited,” Microsoft explained.

The software giant also notes that all systems running an affected version of antimalware software are primarily at risk.

The company has issued an update to correct the manner in which the Microsoft Malware Protection Engine scans specially crafted files.

The update will be delivered automatically to the affected systems and no action is required of enterprise administrators or end users. The update should reach all impacted software within 48 hours of release.

Impacted applications include Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server version 1709, Microsoft Exchange Server 2013 and 2016, Microsoft Security Essentials, and Windows Intune Endpoint Protection.

Microsoft Malware Protection Engine version 1.1.14405.2 resolves the vulnerability.

Related: Microsoft Patches 17 Year-Old Vulnerability in Office

Related: Microsoft Patches Office Zero-Day Used to Deliver Malware

Related: Microsoft Patches Zero-Day, Many Other Flaws

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.