A critical vulnerability in the Microsoft Malware Protection Engine was disclosed by Google Project Zero, a dedicated team tasked with finding zero-day vulnerabilities. The flaw allowed a remote attacker to take over the system and execute arbitrary code of their choice on the affected machine. The attack vector was a specially crafted file that could be delivered through email, instant messaging programs or web sites. According to those who discovered it, the vulnerability was severe.
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.
— Tavis Ormandy (@taviso) May 6, 2017
The Microsoft Malware Protection Engine scans files anywhere on the system, including temporary files, cache, downloads and attachments. Any time a crafted file was scanned by the security software, the attacker could gain the ability to execute code on the system. Because scanning takes place more or less continuously, the file did not even need to be opened; and where scans were instead scheduled for particular times of the day, the attacker could still gain control of the system once the scheduled scan ran.
Microsoft quickly scrambled to fix the critical vulnerability. No action is required from system administrators or end users. The Microsoft Malware Protection Engine normally receives its updates automatically from Microsoft servers, and the fix should roll out to all systems within 48 hours. The latest version of the Microsoft Malware Protection Engine addresses the vulnerability. There are no known cases of the vulnerability actually being exploited by malicious hackers.
Published Date: May 10, 2017 11:15 am | Updated Date: May 10, 2017 11:15 am