- Jan 24, 2011
- 9,377
An exploit would cause a DDoS attack.
Microsoft’s anti-malware engine has a serious flaw in it that could lead to a distributed denial-of-service (DDoS) attack.
The Microsoft Malware Protection Engine ships with several Microsoft anti-malware products, including Windows Defender, Security Essentials and Forefront Client/Endpoint Security – and users should apply the patch that Microsoft is releasing as soon as possible to rectify the situation.
The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file; so, an attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.
“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine,” Microsoft noted in the advisory. “For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”
If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.
In addition, exploitation of the vulnerability could occur when the system is scanned using an affected version of the Malicious Software Removal Tool (MSRT).
Read more: http://www.infosecurity-magazine.co...imalware-engine-offers-serious-security-flaw/
Microsoft’s anti-malware engine has a serious flaw in it that could lead to a distributed denial-of-service (DDoS) attack.
The Microsoft Malware Protection Engine ships with several Microsoft anti-malware products, including Windows Defender, Security Essentials and Forefront Client/Endpoint Security – and users should apply the patch that Microsoft is releasing as soon as possible to rectify the situation.
The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file; so, an attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.
“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine,” Microsoft noted in the advisory. “For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”
If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.
In addition, exploitation of the vulnerability could occur when the system is scanned using an affected version of the Malicious Software Removal Tool (MSRT).
Read more: http://www.infosecurity-magazine.co...imalware-engine-offers-serious-security-flaw/