Malware Protection Engine: Microsoft has released an urgent security update for all supported versions of Windows. The security update addresses a remote code execution (RCE) flaw found in the Malware Protection Engine.
The vulnerability has the ID CVE-2017-11937 and has been confirmed on Windows 7, Windows 8.1, Windows 10, Windows RT 8.1 and Windows Server systems that use Microsoft's security software (Windows Defender, Microsoft Security Essentials, Endpoint Protection, and Intune Endpoint Protection).
According to Microsoft, the flaw exists in the way the Malware Protection Engine handles a specially crafted (malicious) file. The file can trick Microsoft's engine and cause memory corruption. It then gives the attacker the ability to execute whatever code they want on the victim's system.
As you can understand, this could give the attacker complete control of the system, with administrator privileges.
To attack, the malicious user would have to deliver a specially formatted file to the victim's computer, which can be done via emails, chat applications or links to websites that host the file.
"If real-time (antimalware) scanning is not enabled, the attacker will have to wait for a scheduled scan to take advantage of the vulnerability. All systems running the Malware Protection Engine are primarily at risk."
Microsoft says the vulnerability has not been made public and that it is not aware of any exploits to date.
The update is applied automatically by the Malware Protection Engine, and Microsoft states that the patch will be installed within 48 hours of the release of the update. So even if you do not update your system yourself, Microsoft will do it automatically, whether you want it or not.
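
To confirm that the automatic update described above has actually reached a machine, the engine version can be read with the Defender PowerShell module. This is an added example, not code from Microsoft or from the original article: `Test-MpEngineVersion` is a hypothetical helper name, the fixed engine version is not given in the article and must be supplied from Microsoft's advisory, and the script assumes a host where `Get-MpComputerStatus` is available.

```powershell
# Added example (not Microsoft's code). Test-MpEngineVersion is a hypothetical helper name.
function Test-MpEngineVersion {
    [CmdletBinding()]
    param(
        # First fixed engine version, taken from Microsoft's advisory for CVE-2017-11937.
        # The article does not state it, so it is a required input rather than a default.
        [Parameter(Mandatory)]
        [version]$MinimumEngineVersion
    )

    # Get-MpComputerStatus ships with the Defender PowerShell module; older hosts
    # (for example those running Microsoft Security Essentials) may not have it.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        throw 'Get-MpComputerStatus is not available on this host; check the engine version in the product UI instead.'
    }

    $status  = Get-MpComputerStatus
    $current = [version]$status.AMEngineVersion

    # Report the patch state together with real-time protection, because the quoted
    # advisory text ties the moment a malicious file gets scanned to that setting.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        EngineVersion      = $current
        MinimumRequired    = $MinimumEngineVersion
        EnginePatched      = $current -ge $MinimumEngineVersion
        RealTimeProtection = $status.RealTimeProtectionEnabled
        SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
    }
}

# Usage: replace the placeholder with the version from the advisory.
# Test-MpEngineVersion -MinimumEngineVersion '<fixed-engine-version>'
```

A host that still reports `EnginePatched = False` after the 48-hour window has not received the engine update and should be checked for blocked update channels.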