Microsoft's update for Malware Protection Engine fixes 'crazy bad' security vulnerability

Having a secure operating environment is arguably one of the most important aspects of one's digital life. Although security vulnerabilities are unfortunately a rather common occurrence, so are the updates patching them, thankfully. One such update has now been issued by Microsoft.

Yesterday, it emerged that Google security researcher Tavis Ormandy had found what he deemed to be a "crazy bad" security vulnerability in Windows.

Now, according to Microsoft's Simon Pope, the Group PM Manager at the company's Security Research Center, the issue has been fixed:

The Security TechCenter Library listing reveals a Security Advisory through which both enterprise and non-enterprise customers are informed that Microsoft has issued an update for a security vulnerability in its Malware Protection Engine. This security flaw allowed for a remote code execution exploit to be undertaken, thus putting users at risk.

In the words of the company:

The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

The latest version of the Malware Protection Engine which still contains this flaw is 1.1.13701.0, while the one that has the patch is version 1.1.13704.0. The affected programs are as follows:

  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Endpoint Protection
  • Microsoft Forefront Security for SharePoint Service Pack 3
  • Microsoft System Center Endpoint Protection
  • Microsoft Security Essentials
  • Windows Defender for Windows 7
  • Windows Defender for Windows 8.1
  • Windows Defender for Windows RT 8.1
  • Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
  • Windows Intune Endpoint Protection

Needless to say, the flaw in all of these products covered by CVE-2017-0290 is labeled "Critical".

In terms of user action required in regards to this update, Microsoft states:

In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.

So, if you are running either of the software products listed in the previous paragraph, make sure you either have auto-update turned on, or you manually update to the version with the patched flaw.

Source: Simon Pope (Twitter), Security TechCenter Library

Report a problem with article
1_t-mobile-01
Next Article

T-Mobile kills off 200MB Free Data for Life tablet activations; won't affect existing users

1493996886_img_2770
Previous Article

Moto G5 review: Nougat on a budget

24 Comments - Add comment

Advertisement