Windows 10 Receives Antivirus Patch Fixing Flaw Found by Google Researcher
http://news.softpedia.com/news/windows-1...0550.shtml

Microsoft malware protection engine RCE flaw found
Apr 4, 2018 12:06 GMT  ·  By Bogdan Popa
Microsoft has delivered an emergency security update for the Malware Protection Engine after a Google engineer discovered a Remote Code Execution (RCE) flaw that would allow an attacker to even take control of a vulnerable system.

Since the bug exists in the Malware Protection Engine that powers Microsoft’s security products, Windows Defender, Microsoft Exchange Server 2013 and 2016, as well as Microsoft Security Essentials, are all exposed to exploits. The flaw was discovered by Thomas Dullien of Google Project Zero.

Microsoft explains in an advisory (via BC) that a successful attack involves the antivirus solution scanning a crafted file. In other words, the attacker must find a way to drop this file on the target system, and Microsoft says that the typical methods can be used, such as instant messaging, email, or direct downloads from third-party websites.

Patch, patch, patch
The vulnerability is triggered when the antivirus solution scans the malicious file, and if real-time protection is not enabled, the attacker must wait until the scanning begins, Microsoft says.

“If the affected AntiMalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk,” the firm says.

The new patch fixes the way Microsoft’s Malware Protection Engine scans crafted files, so once the update is deployed, even if the compromised item lands on your system, an exploit should no longer be effective.

The version of the Microsoft Malware Protection Engine that you need to update to in order to be protected is 1.1.14700.5. You can check this version by launching the Windows Defender Security Center and going to Settings > About.
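The version check from the last paragraph can also be scripted. The following is an added example, not part of the original post or of Microsoft's advisory: it compares the engine version against 1.1.14700.5 and reports when a crafted file would be scanned, following the real-time versus scheduled-scan distinction quoted above. `Test-MpEngineStatus` is a hypothetical helper name, the sample records are constructed, and it assumes the Defender module's `Get-MpComputerStatus` cmdlet with its `AMEngineVersion` and `RealTimeProtectionEnabled` properties.

```powershell
# Minimum fixed engine version, taken from the article above.
$FixedEngine = [version]'1.1.14700.5'

function Test-MpEngineStatus {
    [CmdletBinding()]
    param(
        # Object exposing AMEngineVersion and RealTimeProtectionEnabled
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Status,
        [version]$Minimum = $FixedEngine
    )
    process {
        # Parse as [version]: as plain strings, '1.1.9700.0' sorts above
        # '1.1.14700.5' and an old engine would be reported as fixed.
        $engine = $null
        $parsed = [version]::TryParse([string]$Status.AMEngineVersion, [ref]$engine)

        if (-not $parsed -or $engine -eq [version]'0.0.0.0') {
            # Assumption: an empty or all-zero version means the engine is not reporting
            $state = 'Unknown'
        } elseif ($engine -ge $Minimum) {
            $state = 'Patched'
        } else {
            $state = 'Vulnerable'
        }

        # Per the advisory text: real-time protection scans files automatically,
        # otherwise the file is reached at the next scheduled scan.
        $trigger = if ($Status.RealTimeProtectionEnabled) { 'on file arrival (real-time scan)' }
                   else { 'at next scheduled scan' }

        [pscustomobject]@{
            EngineVersion = $Status.AMEngineVersion
            State         = $state
            ScanTrigger   = $trigger
        }
    }
}

# Constructed sample records (not real telemetry)
@(
    [pscustomobject]@{ AMEngineVersion = '1.1.9700.0';  RealTimeProtectionEnabled = $true  }
    [pscustomobject]@{ AMEngineVersion = '1.1.14700.5'; RealTimeProtectionEnabled = $false }
    [pscustomobject]@{ AMEngineVersion = '';            RealTimeProtectionEnabled = $false }
) | Test-MpEngineStatus | Format-Table -AutoSize

# Local machine, if the Defender cmdlets are available
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus | Test-MpEngineStatus
}
```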