Microsoft previously warned of a security vulnerability that could allow attackers to execute arbitrary code and take control of a system.
The flaw is in Microsoft’s Malware Protection Engine (MMPE). It makes it possible for an attacker to gain control of a machine whenever the target’s antivirus software scans a malicious file.
There is a silver lining to this. Microsoft has patched the security hole that makes the attack possible. The only thing Microsoft Windows users need to do is make sure their MMPE is updated to the latest version as soon as possible. As of this writing, there have been no reports that this flaw has been exploited. The good news is that it has already been fixed, and exploits would not work against an updated engine.
This would have been really huge had it not been fixed. All currently supported Windows versions and Windows Servers are susceptible. Computers configured to install automatic updates should be fine; those that are not should be updated as soon as possible.
Even though patches have been released, this does not stop malware developers from writing code to target this flaw. Microsoft has not disclosed specific details of the attack and has been very vague about it.
The attack is simple in principle and relies on an attacker exploiting the MMPE’s improper scanning of certain specially crafted files (no additional details on file type are given). An MMPE scan of the malicious file results in memory corruption that allows an attacker to execute code remotely on the affected machine.
An attacker who successfully exploited this flaw would, in theory, gain complete access to the victim’s computer.
An attacker could use a compromised website to deliver the file, send it as an email or messaging attachment, or place the file on a cloud drive, which Microsoft says could cause the host server to become affected. That is all that is needed; no elaborate or sophisticated process is required.
This makes it easy to spread the infection: anti-malware software that uses the MMPE with real-time protection running scans files automatically, which in theory would result in instant infection.
As another friendly reminder, home users and administrators should make sure they update to the latest MMPE version, 1.1.14700.5. Microsoft’s anti-malware software downloads updates automatically by default, so the average user should be safe.
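One way to verify the update, as an added example that is not from Microsoft or the original article: the script below compares a reported engine version against 1.1.14700.5 numerically, since a plain string comparison would misorder values such as 1.1.9901.0. It assumes the Defender PowerShell module (`Get-MpComputerStatus` and its `AMEngineVersion` property) is available; the function name `Test-EngineVersion` and the inventory rows are constructed for illustration.

```powershell
# Fixed engine version named in the article.
$FixedEngine = [version]'1.1.14700.5'

function Test-EngineVersion {
    # Hypothetical helper: classifies one host by its reported engine version.
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string]$EngineVersion   # AMEngineVersion as reported by Get-MpComputerStatus
    )
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        # Empty or malformed value: engine absent, disabled, or the query failed.
        $state = 'Unknown'
    } elseif ($parsed -lt $FixedEngine) {
        $state = 'NeedsUpdate'
    } else {
        $state = 'Patched'
    }
    [pscustomobject]@{
        ComputerName  = $ComputerName
        EngineVersion = $EngineVersion
        State         = $state
    }
}

# Local machine: read the live value; fall back to Unknown if the cmdlet fails.
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    Test-EngineVersion -ComputerName $env:COMPUTERNAME -EngineVersion $status.AMEngineVersion
} catch {
    Test-EngineVersion -ComputerName $env:COMPUTERNAME -EngineVersion ''
}

# Constructed inventory rows (sample data, not real hosts).
$inventory = @(
    [pscustomobject]@{ Name = 'WS-01';  Engine = '1.1.14700.5' }  # Patched
    [pscustomobject]@{ Name = 'WS-02';  Engine = '1.1.14600.4' }  # NeedsUpdate
    [pscustomobject]@{ Name = 'SRV-01'; Engine = '1.1.9901.0' }   # NeedsUpdate; string sort would miss it
    [pscustomobject]@{ Name = 'SRV-02'; Engine = '' }             # Unknown
)

# Report every host that is not confirmed patched.
$inventory |
    ForEach-Object { Test-EngineVersion -ComputerName $_.Name -EngineVersion $_.Engine } |
    Where-Object { $_.State -ne 'Patched' }
```

Hosts reported as `Unknown` deserve the same follow-up as `NeedsUpdate`, because a missing version means the engine state could not be confirmed.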