Microsoft is releasing an emergency security patch to fix a remote code execution bug in its Malware Protection Engine. Microsoft’s Malware Protection Engine provides the scanning, detection, and cleaning capabilities for the company’s antivirus and anti-spyware software. The Redmond software giant writes that the vulnerability can be triggered when the Malware Protection Engine scans a specially crafted downloaded file to check it for potential threats. Tracked as CVE-2017-11937, the flaw is believed to have been addressed before any misuse in the wild.
When Malware Engine needs protection from malware…
Microsoft said that attackers could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine to exploit a memory corruption bug, enabling them to execute code remotely. “A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption,” Redmond explained (emphasis is ours).
“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The company added that if real-time scanning is not enabled, “the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.” The fix released by the company addresses the vulnerability by correcting the way the Microsoft Malware Protection Engine scans specially crafted files.
The security flaw affects Windows Defender in Windows 7, Windows 8.1, and Windows 10, as well as Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016. More details about the affected products and the bug, which has been rated as critical, are available over at Microsoft. The company said that the patch should be installed automatically.
The post Something About Engines: Microsoft Issues an Emergency Patch to Fix Flaws in Its Malware Protection Engine by Rafia Shaikh appeared first on Wccftech.