Microsoft has acknowledged a vulnerability in its Malware Protection Engine and has sent out an emergency security patch to all Windows devices to correct the flaw. The issue was discovered by the National Cyber Security Centre, the information security arm of British security agency GCHQ, which also reported it to Microsoft. If successfully exploited, the vulnerability could allow an attacker to gain full control of a PC in order to install programs, modify user data, or create new accounts with full user rights. Microsoft affirms that there are no records of such cases.
The flaw, tracked as CVE-2017-11937 on Microsoft’s security portal, is a remote code execution vulnerability that is triggered when the Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. To exploit it, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine. An attacker could place such a file on a PC by using a website to deliver it to the victim’s system, or through an email message or an Instant Messenger message that is scanned when the file is opened. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs for the vulnerability to be exploited.
The vulnerability affects almost all of Microsoft’s security products, including Windows Defender and Microsoft Security Essentials along with Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016, impacting Windows 7, Windows 8.1, Windows 10, Windows RT 8.1, and Windows Server.
As mentioned earlier, an emergency security patch has been issued OTA (Over-The-Air) for all Windows devices. The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.
According to the Redmond giant, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release.
However, you can still head to Windows Update to check for, download and install all available updates, especially security updates, to be on the safe side.
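For administrators who want to confirm the engine update has landed rather than wait out the 48-hour window, the following PowerShell sketch is an added example and not code from Microsoft or from the original article. It assumes a system where the Defender cmdlet `Get-MpComputerStatus` is available; the function name `Test-MpEngineVersion` is hypothetical, and the fixed engine version must be taken from Microsoft's advisory because the article does not state it.

```powershell
function Test-MpEngineVersion {
    [CmdletBinding()]
    param(
        # Fixed engine version from Microsoft's advisory for CVE-2017-11937.
        # The article does not state it, so there is no default.
        [Parameter(Mandatory)]
        [version]$MinimumEngineVersion,

        # Status object to evaluate; defaults to the live Defender status.
        $Status = (Get-MpComputerStatus)
    )

    $engine = [version]$Status.AMEngineVersion
    [pscustomobject]@{
        EngineVersion      = $engine
        MinimumRequired    = $MinimumEngineVersion
        Patched            = $engine -ge $MinimumEngineVersion
        # With real-time scanning off, a crafted file is only parsed at the
        # next scheduled scan, which changes the exposure window, not the fix.
        RealTimeProtection = [bool]$Status.RealTimeProtectionEnabled
        SignaturesUpdated  = $Status.AntivirusSignatureLastUpdated
    }
}

# Constructed sample status and version numbers (not real engine versions),
# so the comparison can be exercised without querying a live machine.
$sample = [pscustomobject]@{
    AMEngineVersion               = '1.0.0.1'
    RealTimeProtectionEnabled     = $false
    AntivirusSignatureLastUpdated = [datetime]'2017-01-01'
}
$report = Test-MpEngineVersion -MinimumEngineVersion '1.0.0.2' -Status $sample
$report | Format-List

if (-not $report.Patched) {
    Write-Warning 'Engine is older than the required version.'
    # On a live machine, request an immediate definition update instead of
    # waiting for the automatic cycle, then run the check again:
    # Update-MpSignature
}
```

On a real machine, omit `-Status` so the function reads the live engine version, and pass the fixed version from the advisory as `-MinimumEngineVersion`.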