Most Valued Members peteyt 387 Posted December 10, 2017

Microsoft has recently fixed a bug apparently discovered by a division inside the UK British Intelligence organisation GCHQ.

The bug was in the Malware Protection Engine which is used in products such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, and Windows Intune Endpoint Protection. It was found on all currently supported Windows versions, which are Windows 7 and later.

What is interesting is that a file designed to abuse the bug apparently just needed to be scanned to be able to possibly take control of the system. The issue being that, by default, programs such as Windows Defender would have to scan the file trying to identify if it was a virus. This normal and important procedure would actually appear to do more harm than good in this case.

The bug is apparently a remote control execution vulnerability. The products do not scan a specially crafted file properly, leading to memory corruption. This could allow an attacker to execute arbitrary code to gain control of the system.

https://www.bleepingcomputer.com/news/security/microsoft-fixes-malware-protection-engine-bug-discovered-by-british-intelligence/

itman 1,629 Posted December 10, 2017

This is the fourth vulnerability found in the WD engine this year:

Quote
This is not the only critical-level fix the MMPE component received this year. There have been three other similar bugs this year alone that would have allowed attackers to remotely execute code on Windows workstations running outdated MMPE components [1, 2, 3].