
Microsoft Patches Critical Malware Protection Engine Vulnerability



OK, it is always a good idea to keep up with security updates, and this month's is a doozy. Microsoft was told of a gaping vulnerability on Friday or Saturday and was concerned enough to write a patch in time for today.

So if you wait until a free WiFi or night out at Starbucks normally, you might want to get on this update today. This vulnerability was made public already. Patch it or catch it.

Excerpt:

"Microsoft patched a critical vulnerability in the Microsoft Malware Protection Engine present in Windows Defender, Microsoft Security Essentials, and other tools. The flaw was privately reported on Google's Project Zero disclosure platform on May 3 and publicly revealed on May 8 when Microsoft published a security advisory for its customers.

The company said in that security advisory that attackers could exploit the vulnerability to "install programs; view, change, or delete data; or create new accounts with full user rights." Doing so would have required attackers to make a "specially crafted file" meant to be scanned by the Microsoft Malware Protection Engine. Once those scans occur, the file then exploits this vulnerability to compromise and take over the targeted system.

That makes exploiting this vulnerability easier than it would have been if you had to download and open a malicious file. This led the company to say that "vulnerabilities in MsMpEng are among the most severe possible in Windows" because of the service's "privilege, accessibility, and ubiquity." They didn't find an issue with a specific Microsoft product; they found a critical problem in a tool that serves as the foundation for many other utilities.

"Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers and cryptors, full system emulators and interpreters for various architectures and languages, and so on," the researchers said. "All of this code is accessible to remote attackers." The good news: Microsoft said in its advisory that it has no evidence of this vulnerability being exploited before its disclosure.

What does this mean for you? Probably nothing. By default, tools that rely on the Microsoft Malware Protection Engine are kept up to date automatically for both Microsoft's business customers and general consumers. If you've tinkered with the settings to prevent these automatic updates, however, you should install this patch to make sure an attacker can't exploit this now-public vulnerability on your system."

If you aren't sure of the tech, the only thing you need to do is update now. The rest of the article with links and info is here:

http://www.tomshardware.com/news/microsoft-windows-malware-protection-vulnerability,34364.html

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire


Now it is three zero days plugged in this update today, much more here:

https://threatpost.com/microsoft-plugs-three-zero-day-holes-as-part-of-may-patch-tuesday/125544/

RV/Derek

Archived

This topic is now archived and is closed to further replies.
