Microsoft malware protection engine RCE flaw found

Apr 4, 2018 12:06 GMT

Microsoft has delivered an emergency security update for the Malware Protection Engine after a Google engineer discovered a Remote Code Execution (RCE) flaw that would allow an attacker to take full control of a vulnerable system.

Since the bug exists in the Malware Protection Engine that powers Microsoft’s security products, Windows Defender, Microsoft Exchange Server 2013 and 2016, and Microsoft Security Essentials are all exposed to exploits. The flaw was discovered by Thomas Dullien of Google Project Zero.

Microsoft explains in an advisory (via BC) that a successful attack requires the antivirus solution to scan a crafted file. In other words, the attacker must find a way to drop this file on the target system, and Microsoft says that the usual delivery methods apply, such as instant messaging, email, or direct downloads from third-party websites.

Patch, patch, patch

The vulnerability is triggered when the antivirus solution scans the malicious file, and if real-time protection is not enabled, the attacker must wait until the scanning begins, Microsoft says.

“If the affected AntiMalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk,” the firm says.

The new patch fixes the way Microsoft’s Malware Protection Engine scans crafted files, so once the update is deployed, an exploit should no longer be effective even if the crafted file lands on your system.

The version of the Microsoft Malware Protection Engine that you need to update to in order to be protected is 1.1.14700.5. You can check this version by launching the Windows Defender Security Center and going to Settings > About.
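As an added example (not from the article or from Microsoft's advisory), the same check can be scripted with the built-in Windows Defender PowerShell module: it compares the running engine build against the fixed version named above and reports whether real-time protection is on, which decides whether a dropped file is scanned immediately or only at the next scheduled scan. The remediation step assumes that engine updates arrive through the same channel as definition updates, so `Update-MpSignature` is used to pull them.

```powershell
# Added example: verify the Malware Protection Engine build on this host
# against the fixed version from the article (1.1.14700.5) and report the
# real-time protection state. Uses the Defender module's Get-MpComputerStatus
# and Update-MpSignature cmdlets; run from an elevated PowerShell prompt.

$fixedEngine = [version]'1.1.14700.5'   # fixed build named in the article

$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

if ($engine -ge $fixedEngine) {
    Write-Output "Engine $engine is at or above $fixedEngine (patched)."
} else {
    Write-Output "Engine $engine is below $fixedEngine (NOT patched)."
    # Assumption: engine updates ship alongside definition updates, so
    # requesting the latest definitions also brings in the new engine.
    Update-MpSignature
    $newEngine = [version](Get-MpComputerStatus).AMEngineVersion
    Write-Output "Engine after update: $newEngine"
}

# With real-time protection off, a crafted file is not scanned on arrival and
# the exposure window lasts until the next scheduled scan, as the article notes.
if ($status.RealTimeProtectionEnabled) {
    Write-Output "Real-time protection is ON; files are scanned as they arrive."
} else {
    Write-Output "Real-time protection is OFF; files are only scanned at the next scheduled scan."
}
```

On a fleet, the same comparison can be fed into an inventory or configuration-management check so that hosts still reporting an engine below 1.1.14700.5 are flagged rather than inspected one at a time through the Settings > About page.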