Microsoft Out-Of-Band Security Update Patches Critical 'Malware Protection Engine' Flaw

LASER_oneXM

source (bleepingcomputer.com): Microsoft Out-Of-Band Security Update Patches Malware Protection Engine Flaw

Yesterday, April 3, Microsoft released an emergency security update via Windows Update that fixes CVE-2018-0986, a vulnerability in the Microsoft Malware Protection Engine (MMPE).

MMPE (mpengine.dll) is the malware scanning, detection, and cleaning component of several Microsoft antivirus and antispyware programs, such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, and Microsoft Forefront Endpoint Protection.

Vulnerability rated "critical"

A Google security researcher discovered a flaw in the MMPE component that allows attackers to execute malicious code on a Windows machine. Because the MMPE component runs with system privileges, the bug, if exploited, can grant attackers complete control over a victim's system.

Microsoft rated the vulnerability as "critical," its highest severity level. "To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine," the company said in an advisory.

Exploitation is trivial, as an attacker can host the malicious code inside JavaScript files served over a website the victim is accessing, add the malicious code to email file attachments, or send a booby-trapped file to a victim via an instant messaging client.

upnorth

The good news is that Microsoft decoupled MMPE component updates from OS updates, meaning Microsoft can silently deliver the necessary patches without needing user interaction. The OS maker has fixed the flaw in MMPE version 1.1.14700.5, which should be deployed on all vulnerable systems in the next 48 hours unless system admins and PC owners have specifically blocked MMPE updates via local policies.
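Since the fix ships as an engine update rather than an OS patch, the practical check is whether the engine on a given host has actually reached 1.1.14700.5. The following is an added example (not code from the thread, from BleepingComputer, or from Microsoft) that reads the engine version through the Defender PowerShell module and requests an update if the host is still behind; it assumes Windows 10 / Server 2016 or later with Windows Defender enabled, where Get-MpComputerStatus and Update-MpSignature are available, and the version number comes from the post above.

```powershell
# Added example, not from the original thread: confirm the Defender engine on
# this host is at or past the version that fixes CVE-2018-0986.
# Assumes the Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature)
# is present, i.e. Windows 10 / Server 2016 or later with Defender enabled.

$fixedEngine = [version]'1.1.14700.5'   # fixed engine version named in the post

function Test-MpEngineFixed {
    param([version]$MinimumVersion = $fixedEngine)

    # AMEngineVersion is the mpengine.dll version Defender is currently running.
    $status  = Get-MpComputerStatus -ErrorAction Stop
    $current = [version]$status.AMEngineVersion

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        EngineVersion   = $current
        RequiredVersion = $MinimumVersion
        IsFixed         = ($current -ge $MinimumVersion)
        LastUpdated     = $status.AntivirusSignatureLastUpdated
    }
}

$result = Test-MpEngineFixed
$result | Format-List

if (-not $result.IsFixed) {
    # Still on a vulnerable engine: pull the latest engine and definitions now
    # instead of waiting for the scheduled update window. If this keeps failing,
    # check whether a local policy is blocking Defender updates, as the post notes.
    Write-Warning "Engine $($result.EngineVersion) is older than $fixedEngine; requesting an update."
    Update-MpSignature -ErrorAction Stop
    Test-MpEngineFixed | Format-List
}
```

Run it in an elevated PowerShell session; the same function can be invoked remotely with Invoke-Command to sweep a fleet, since it returns an object rather than only printing.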

Windows Defender Shill

Lol, vulnerabilities in Windows Defender are like Groundhog Day. How can the manufacturer of Windows not fundamentally understand the vulnerabilities of Windows Defender?

Over the past year there have been an uncomfortable number discovered. If you use WD, always, always update.