Yesterday, Microsoft released a patch to fix a remote code execution flaw, CVE-2017-11937, in its Malware Protection Engine (MPE).
The Microsoft Malware Protection Engine is the core cybersecurity base for Microsoft’s anti-virus/anti-spyware programs in all of the company’s products.
The security issue is present in Windows Defender, Microsoft Security Essentials, Forefront Endpoint Protection, Endpoint Protection, and Exchange Server 2013 and 2016. The CVE-2017-11937 vulnerability can be exploited when the Malware Protection Engine scans a file to check for threats, which happen automatically for all new files in many systems.
Hackers could exploit a memory corruption flaw in the malware scanning tool, allowing the attack file to execute code on the targeted machine. This flaw sparked criticism from cybersecurity experts about the way Microsoft builds their security products. One security developer said, “Microsoft exposed their users to a lot of risks when they released Windows Defender without a sandbox. This surprised me. Sandboxing is one of the most effective security-hardening technique, why leave Windows Defender unprotected?”
Fortunately, in spite of the irony, the vulnerability hasn’t yet been exploited in the wild, and users highly urged to run the fix as soon as possible. For most systems, the update will run automatically. Seriously, stop giggling, and run the update.
Dave Kennedy is the Founder of TrustedSec and Co-Founder and Chief Technology Officer of Binary Defense. He started both these companies with the goal of improving the security industry and promoting the advancement of the industry through quality services.