Microsoft revealed a critical vulnerability in its Malware Protection Engine (MPE) on Thursday (12/7) that allows an attacker to take full control of a target’s computer. Enabled by default, Microsoft Malware Protection provides the core cybersecurity capabilities for Microsoft anti-virus and anti-spyware programs in all of the company’s products.
The vulnerability is exploited when the Microsoft Malware Protection Engine scans a specially crafted file, which allows an attacker to gain remote code execution. The report from Microsoft warned “there are many ways that an attacker could place a specially crafted file in a location that is scanned” by the vulnerable software. A dangerous file could be delivered by a website, an email or a messenger.
If a victim has real-time protection turned on, MPE will scan the file automatically and be exploited.
What Can You Do?
Microsoft has released an update for the flaw. The patch and more information on the vulnerability can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937.
Note: For end users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. End users who do not wish to wait can manually update their anti-malware software.
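One way to confirm that a machine has picked up the fixed engine, and to request the update manually if it has not. This is an added example, not code from Microsoft or from this post. It assumes Windows Defender with the built-in Defender PowerShell module; the function name Test-MpEngineVersion is hypothetical, and the minimum engine version is not stated on this page, so it must be copied from the advisory linked above.

```powershell
# Added example. Assumes Windows Defender and its built-in PowerShell module
# (Get-MpComputerStatus, Update-MpSignature). Function name is hypothetical.
function Test-MpEngineVersion {
    [CmdletBinding()]
    param(
        # First fixed engine version. Not given on this page: copy it from the advisory.
        [Parameter(Mandatory)]
        [version]$MinimumEngineVersion,

        # Request an update when the installed engine is older than the minimum.
        [switch]$UpdateIfOld
    )

    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion

    if ($engine -lt $MinimumEngineVersion -and $UpdateIfOld) {
        # Engine updates are delivered together with the definition updates.
        Update-MpSignature
        $status = Get-MpComputerStatus
        $engine = [version]$status.AMEngineVersion
    }

    # Return an object so results can be collected across many machines.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        EngineVersion      = $engine
        MinimumRequired    = $MinimumEngineVersion
        Patched            = ($engine -ge $MinimumEngineVersion)
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
    }
}

# Usage: replace the placeholder with the version listed in the advisory.
# Test-MpEngineVersion -MinimumEngineVersion '<version-from-advisory>' -UpdateIfOld
```

A result with Patched set to False after the update attempt means the machine still needs attention, for example because it cannot reach its update source.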
BMT’s Managed Service Clients – we are taking care of this issue, no further action is needed on your part.