Microsoft closes critical security vulnerability in malware protection engine

Microsoft has closed a critical gap in its virus protector malware protection engine. Involved in the versions 1.1.13701.0 and earlier. According to security bulletin it is possible to inject malicious code and fully to take over the system if the virus protection integrated into numerous products investigated a “specially edited file”. What does Microsoft with “specially edited file”, has not published it. The vulnerability occurs under the symbol CVE-2017-0290. “

 security holes (image: Shutterstock.com/bofotolux).

the Microsoft malware protection engine is included in numerous security products, including Windows Defender for Windows, Windows 8 .1, Windows 10 and Windows Server 2016 . But also special business solutions such as forefront endpoint protection, System Center endpoint protection and Intune endpoint protection are affected by the vulnerability.

within the next 48 hours the security update will be rolled out automatically to the affected systems. Administrators should review the update settings and adjust if necessary, so that the update can be installed. Home users automatically receive the update along with the update of the virus definition file. Is the update takes place, the malware protection engine carries the version number 1.1.13704.0.

discovered the vulnerability of the Google security expert Natalie Silvanovich and Tarvisio Ormandy. It contains still no detailed figures to the vulnerability of CVE-2017-0290 published form . Ormandy but published details from a few days in the context of Google’s project zero . Therefore, gaps in the malware protection engine are particularly critical, since it does not run in a sandbox and attacker gain access to the component by sending simple E-Mail to the target object. To read the E-Mail or open an attachment that is not necessary. Ormandy has described so this gap with “crazy bad” .

according to the Explorer’s error in NScript, a component of the malware protection engine that examines all file system and network activities. The function of JsDelegateObject_Error::toString() not validated obviously certain information before them for further processing at JsRuntimeState::triggerShortStrEvent(). Ormandy has published a proof-of-concept code that exposes the vulnerability, but warns that the download of the file results in an immediate crash of the malware protection engine (MsMPEng).

HIGHLIGHT

Windows 10 creators update – these are the changes

Windows 10 1703 creators update offers numerous innovations for the surface and the security of Windows 10. And Redstone 3, the next update is already upon us.

Be the first to comment

Leave a Reply