Malware Protection Engine: Microsoft has released an urgent security update for all supported versions of Windows. The update addresses a remote code execution (RCE) flaw found in the Malware Protection Engine.
The vulnerability has the identifier CVE-2017-11937 and has been confirmed on Windows 7, Windows 8.1, Windows 10, Windows RT 8.1 and Windows Server systems that use Microsoft's security software (Windows Defender, Microsoft Security Essentials, Endpoint Protection, and Intune Endpoint Protection).
According to Microsoft, the flaw lies in the way the Malware Protection Engine handles a specially crafted (malicious) file. The file can trick Microsoft's engine and cause memory corruption, which then lets the attacker run arbitrary code on the victim's system.
As you can understand, this could give the attacker complete control of the system, with administrator privileges.
For the attack, the malicious user has to deliver a specially crafted file to the victim's computer, which can be done through email messages, chat applications, or links to websites that host the file.
"If real-time (antimalware) scanning is not enabled, the attacker will have to wait for a scheduled scan to take advantage of the vulnerability. All systems running the Malware Protection Engine are primarily at risk."
Microsoft says the vulnerability has not been made public and that it is not aware of any exploits to date.
The update is applied automatically by the Malware Protection Engine, and Microsoft states that the patch will be installed within 48 hours of the release of the update. So even if you do not update your system, Microsoft will do it automatically, whether you want it or not.