On Wednesday, Microsoft started rolling out an update to all Windows products that rely on the Malware Protection Engine for security scans.
The update fixes a security bug discovered by the UK National Cyber Security Centre (NCSC), a branch of the UK Government Communications Headquarters (GCHQ), the country’s official intelligence and security agency.
Critical MMPE bug allows remote code execution
Microsoft says the bug, tracked as CVE-2017-11937, is rated “Critical” in terms of severity and allows remote code execution on vulnerable products.
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this flaw, an attacker must first craft a malformed file and send it to a remote computer, via email, inside IM messages, as part of a website’s code when the user accesses the site, or place it in other locations that are scanned by the Microsoft Malware Protection Engine by default.
The Microsoft Malware Protection Engine is designed to scan files in real time automatically, leading to immediate and easy exploitation of the vulnerability.
The Malware Protection Engine is included with products such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, and Windows Intune Endpoint Protection — on all currently supported Windows versions, which are Windows 7 and later.
Patched in MMPE v1.1.14405.2
Microsoft patched this bug in the Microsoft Malware Protection Engine version 1.1.14405.2.
The good news is that Microsoft has specifically designed a self-update mechanism for this component. This means that most users have already silently received this update unless they have opted to block MMPE updates by tweaking registry keys or via group policies.
Users who have blocked these updates should take note of this critical MMPE update and allow the component to upgrade.
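One way to confirm that a machine has received the fixed engine is to compare its reported engine version with 1.1.14405.2. The script below is an added example, not Microsoft's or this site's own code; the function name `Test-MpEnginePatched` is hypothetical, and the sample version strings at the end are constructed to show why the comparison must be numeric rather than textual.

```powershell
# Fixed engine version named in the article.
$FixedEngineVersion = [version]'1.1.14405.2'

function Test-MpEnginePatched {
    [CmdletBinding()]
    param(
        # Version string to evaluate; when omitted, the local engine is queried.
        [string]$EngineVersion
    )

    if (-not $EngineVersion) {
        # Get-MpComputerStatus comes with the Defender PowerShell module and is
        # not present on older systems such as Windows 7.
        if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
            Write-Warning 'Get-MpComputerStatus is not available; check the engine version in the product UI.'
            return
        }
        try {
            $EngineVersion = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
        } catch {
            Write-Warning "Could not query the engine: $($_.Exception.Message)"
            return
        }
    }

    # Parse as a version so each dotted field is compared as a number.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        Write-Warning "Unparseable engine version '$EngineVersion'"
        return
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $parsed
        FixedVersion  = $FixedEngineVersion
        Patched       = ($parsed -ge $FixedEngineVersion)
    }
}

# Check the local machine.
Test-MpEnginePatched

# Constructed sample values: as plain strings '1.1.9000.5' sorts above
# '1.1.14405.2', but as a version it is older and must be reported unpatched.
'1.1.9000.5', '1.1.14000.0', '1.1.14405.2', '1.1.15000.1' |
    ForEach-Object { Test-MpEnginePatched -EngineVersion $_ }
```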
This is not the only critical-level fix the MMPE component has received this year. Three other similar bugs this year would have allowed attackers to remotely execute code on Windows workstations running outdated MMPE components [1, 2, 3].