Microsoft fixes 'crazy bad' Windows vulnerability

Post by parkd1 »

Over the weekend, two of Google’s Project Zero security researchers announced that they had discovered a "crazy bad" Windows exploit, describing it as the "worst in recent memory."

Project Zero gives firms 90 days to fix such discoveries, but Microsoft swiftly jumped on this problem, and just two days later has come up with a fix.

The Project Zero team explains that the problem was found with Microsoft's Malware Protection service, MsMpEng. Vulnerabilities in MsMpEng are among the most severe in Windows, due to the "privilege, accessibility, and ubiquity of the service." The flaw allowed attackers to access mpengine by sending emails to users (reading the email or opening attachments is not necessary), having them visit links in a web browser, or through instant messaging.

The Security Update for Microsoft Malware Protection Engine, detailed in Security Advisory 4022344, fixes the issue. Microsoft explains:

The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

The fix, for Windows 7, 8.1, RT and 10, is available now via Windows Update.

https://betanews.com/2017/05/09/microso ... erability/

Re: Microsoft fixes 'crazy bad' Windows vulnerability

Post by Whatacrock »

Microsoft Fixes Security Flaw Discovered by Google in Record Time

Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich discovered what they described as a “crazy bad” vulnerability in Windows during the weekend, with Microsoft automatically granted a period of 90 days to patch it before all details go public.

Microsoft, however, managed to fix this security vulnerability in record time, with the patch now being shipped via Windows Update.

In addition, the software giant has already provided more information on this security flaw, explaining that it resided in the company’s anti-malware protection engine in Windows 7, 8.1, RT, and 10.

The remote code execution flaw would have allowed an attacker to take control of a system using malicious code included in emails, crafted websites, or instant messages. The worst thing is that attackers can exploit the flaw without users even reading the emails or opening the attachments, and this is probably why the Google security experts described it as one of the critical RCE vulnerabilities found in Windows in recent times.

In an advisory published today, Microsoft explains that if real-time protection is activated on the vulnerable system, scanning the infected files automatically triggers the exploit. If this option is turned off, the attacker must wait until the victim manually scans the file.

"Update as soon as possible"

Microsoft is recommending that users update their systems as soon as possible and says that the Malware Protection Engine with the patched vulnerability is version 1.1.13704.0. The vulnerable version is 1.1.13701.0.

To check your version, open the Settings app in Windows 10 and head over to Update & security > Windows Defender and look for the line that reads Engine version.

“The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” Microsoft explains.

To get the update right now, users need to head over to Settings > Update & security > Windows Update > Check for updates. A reboot is not required, but until systems are patched, it’s recommended to stay away from content coming from unknown sources and, if possible, to disable real-time protection, even though that obviously opens the door to other risks.

http://news.softpedia.com/news/microsof ... 5537.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"
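
The engine-version check described in the post above, as an added PowerShell example (not part of the original posts or of Microsoft's advisory): it compares a reported engine version against the fixed version 1.1.13704.0 quoted in the thread and shows whether real-time protection is on. It assumes the Defender module's `Get-MpComputerStatus` cmdlet is available on the host; the helper name `Test-MpEngineVersion` is hypothetical and the sample version strings are constructed.

```powershell
# Added example: flag Malware Protection Engine versions older than the fix.
# The fixed version is the one quoted in the thread; the rest is illustrative.
$FixedEngineVersion = [version]'1.1.13704.0'

function Test-MpEngineVersion {
    # Hypothetical helper: classify one engine version string.
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$EngineVersion,
        [string]$Source = 'local',
        $RealTimeProtection = $null   # unknown unless the caller supplies it
    )
    $parsed = $null
    # Parse as [version] so 1.1.9999.0 sorts below 1.1.13704.0;
    # a plain string comparison would order those two the wrong way round.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        $status = 'Unknown'
    } elseif ($parsed -ge $FixedEngineVersion) {
        $status = 'Patched'
    } else {
        $status = 'Vulnerable'
    }
    [pscustomobject]@{
        Source             = $Source
        EngineVersion      = $EngineVersion
        Status             = $status
        RealTimeProtection = $RealTimeProtection
    }
}

# Constructed sample values, so the comparison logic can be seen on any host.
'1.1.13701.0', '1.1.13704.0', '1.1.9999.0', '' | ForEach-Object {
    Test-MpEngineVersion -EngineVersion $_ -Source 'sample'
}

# Live check of this machine (assumes the Defender cmdlets are installed).
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    Test-MpEngineVersion -EngineVersion $mp.AMEngineVersion `
                         -Source $env:COMPUTERNAME `
                         -RealTimeProtection $mp.RealTimeProtectionEnabled
} catch {
    Write-Warning "Could not query Defender status: $($_.Exception.Message)"
}
```

A `Vulnerable` result with `RealTimeProtection` set to `True` is the combination the advisory describes as triggering on automatic scans, so those hosts are the ones to update first.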