Skip to main content
search
Articles

Microsoft issued an emergency Windows Security Update to address a critical flaw, tracked as CVE-2017-11937

By December 8, 2017#!31Sat, 02 Mar 2019 20:18:11 -0300p1131#31Sat, 02 Mar 2019 20:18:11 -0300p-8America/Sao_Paulo3131America/Sao_Paulox31 02pm31pm-31Sat, 02 Mar 2019 20:18:11 -0300p8America/Sao_Paulo3131America/Sao_Paulox312019Sat, 02 Mar 2019 20:18:11 -0300188183pmSaturday=904#!31Sat, 02 Mar 2019 20:18:11 -0300pAmerica/Sao_Paulo3#March 2nd, 2019#!31Sat, 02 Mar 2019 20:18:11 -0300p1131#/31Sat, 02 Mar 2019 20:18:11 -0300p-8America/Sao_Paulo3131America/Sao_Paulox31#!31Sat, 02 Mar 2019 20:18:11 -0300pAmerica/Sao_Paulo3#No Comments

December 8, 2017 By Pierluigi Paganini

Microsoft issued an emergency Windows Security Update to address a critical vulnerability, tracked as CVE-2017-11937, which affects the Malware Protection Engine (MPE).

The emergency fix comes a few days before Microsoft is scheduled to roll out its December Patch Tuesday updates.

The critical RCE flaw could be exploited by an attacker to take full control of a victim's PC. The Malware Protection Engine (MPE) is the main component of the Windows defense system and it implements basic features like scanning, detection, and cleaning.

Windows Malware Protection Engine is enabled by default and is used by Microsoft antivirus and antimalware software implemented in its solutions, including Windows Defender and Microsoft Security Essentials along with Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016, impacting Windows 7 , Windows 8.1, Windows 10, Windows RT 8.1, and Windows Server.

The CVE-2017-11937 flaw is a memory corruption vulnerability that is triggered when the Malware Protection Engine scans a specially crafted file for a malicious code.

Triggering the flaw, the attacker can execute malicious code in the security context of the LocalSystem account and take full control of the target's computer, which means that it could install further malicious code and create accounts with maximum privileges.

“A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ” reads the security advisory published by Microsoft.

“To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.”

To trigger the flaw, a remote attacker could place a specially crafted malicious file in a location that is scanned by the Malware Protection Engine and this is possible to do in many ways. An attacker, for example, could set up a website to deliver a specially crafted file that is scanned when the victim visits the site.

Another possible attack vector is represented by email, the attacker could deliver a specially crafted file via email, it is also possible to exploit Instant Messenger services for the same purpose.

Microsoft issued an emergency Windows Security Update to address a critical vulnerability, tracked as CVE-2017-11937, which affects the Malware Protection Engine (MPE).

The emergency fix comes a few days before Microsoft is scheduled to roll out its December Patch Tuesday updates.

The critical RCE flaw could be exploited by an attacker to take full control of a victim's PC. The Malware Protection Engine (MPE) is the main component of the Windows defense system and it implements basic features like scanning, detection, and cleaning.

Windows Malware Protection Engine is enabled by default and is used by Microsoft antivirus and antimalware software implemented in its solutions, including Windows Defender and Microsoft Security Essentials along with Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016, impacting Windows 7 , Windows 8.1, Windows 10, Windows RT 8.1, and Windows Server.

The CVE-2017-11937 flaw is a memory corruption vulnerability that is triggered when the Malware Protection Engine scans a specially crafted file for a malicious code.

Triggering the flaw, the attacker can execute malicious code in the security context of the LocalSystem account and take full control of the target's computer, which means that it could install further malicious code and create accounts with maximum privileges.

“A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. ” reads the security advisory published by Microsoft.

“To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.”

To trigger the flaw, a remote attacker could place a specially crafted malicious file in a location that is scanned by the Malware Protection Engine and this is possible to do in many ways. An attacker, for example, could set up a website to deliver a specially crafted file that is scanned when the victim visits the site.

Another possible attack vector is represented by email, the attacker could deliver a specially crafted file via email, it is also possible to exploit Instant Messenger services for the same purpose.

Tags:

Leave a Reply

Close Menu