Microsoft patches denial of service vulnerability in its security suite

Status
Not open for further replies.

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
shutterstock_147399719_story.jpg


Microsoft has released an update for its set of security software, which use the Malware Protection Engine, to patch a vulnerability which could be used for denial of service attacks.

After patching 59 vulnerabilities in Internet Explorer recently, Microsoft has now patched one which existed in its various security software, that could allow attackers to initiate a denial of service attack. The exploit could be triggered by scanning a certain crafted file using the Malware Protection Engine which would then render the software useless for monitoring the target system until the file is removed and the system is restarted. Although, completely carrying out an attack using such an exploit would require some user interaction such as downloading an attachment, it could not be left unpatched, given the ignorance of most users. Hence, Microsoft has deemed it as "important" in the advisory.

The software affected by the vulnerability include, Microsoft Forefront Client Security, Microsoft Forefront Endpoint Protection 2010, Microsoft Forefront Security for SharePoint Service Pack 3, Microsoft System Center 2012 Endpoint Protection, Microsoft Malicious Software Removal Tool, and Windows Intune Endpoint Protection, in addition to Microsoft Security Essentials and Windows Defender which come pre-loaded on current Microsoft operating systems.

Microsoft automatically updates the definitions and engines for the mentioned tools but users should make sure they are running version 1.1.10701.0 of the Microsoft Malware Protection Engine when possible.

Source: Microsoft via SCMagazine | Denial of service image via Shutterstock
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top