Malware Protection Engine: Microsoft has released an emergency security update for all supported versions of Windows. The security update addresses a remote code execution (RCE) flaw found in the Malware Protection Engine.
The vulnerability has the ID CVE-2017-11937 and has been confirmed on Windows 7, Windows 8.1, Windows 10, Windows RT 8.1 and Windows Server systems that use Microsoft security software (Windows Defender, Microsoft Security Essentials, Endpoint Protection, and Intune Endpoint Protection).
According to Microsoft, the flaw exists in the way the Malware Protection Engine handles a specially crafted (malicious) file. The file can trick Microsoft's engine and cause memory corruption, which in turn lets the attacker run arbitrary code on the victim's system.
As you can understand, this could give the attacker complete control of the system, with administrator privileges.
To carry out the attack, the malicious user has to deliver a specially crafted file to the victim's computer, which can be done via email, chat applications or links to websites that host the file.
"If real-time (antimalware) scanning is not enabled, the attacker will have to wait for a scheduled scan to take advantage of the vulnerability. All systems running the Malware Protection Engine are primarily at risk."
Microsoft says the vulnerability has not been made public and that it is not aware of any exploits to date.
The update is applied automatically by the Malware Protection Engine, and Microsoft states that the patch will be implemented within 48 hours of the release of the update. So even if you do not update your system, Microsoft will do it automatically, whether you want it or not.