Posted on 12/10/2017 7:55:42 PM PST by dayglored
Microsoft has posted an out-of-band security update to address a remote code execution flaw in its Malware Protection Engine.
Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.
The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.
The bug was discovered and reported by the UK's National Cyber Security Centre – which is part of GCHQ, Blighty's spying nerve center.
According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files.
By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.
"There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user," Microsoft explains.
"An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server."
Microsoft notes that, because Malware Protection Engine is set up to constantly receive updates, the fix will automatically be delivered over the air for most home users and many enterprise customers.
The out-of-band update comes just days before Microsoft is scheduled to post its December security updates with the December 12 Patch Tuesday release. Adobe typically follows suit with its own monthly patches on that day. ®
It showed me the ‘product’ but didn’t have any way to download it.
All I can say is that at least Linux does its updates, mostly without rebooting.
Updating M$ VM’s can be less dangerous as a clone can be made before M$ screws stuff up.
Do we have to do anything?
Do we need to update Java? I keep ignoring the updates, since I don't stream anything, play games, etc. and updates tend to muck up everything.
Can someone give me an update for Dummies run through on what should be done.
book mark
It took about 10 minutes to download and install before the required restart.
If you don't know what -that- means, it probably applies to you, and you can relax and ignore the rest of this comment. :-)
If you are running one of the affected malware products (e.g. I use Microsoft Security Essentials), it would be wise to open the application and tell it to update itself.
If you have turned off Windows Updates, or are doing updates manually, then it would be wise to download and install this update.
Personally, I'm just going to do the regular Patch Tuesday Windows Updates in a couple days and consider it a done deal.
But I guess I should do a backup, before Tuesday...right, just in case the update screws things up?
I ditched Windows and replaced it with Linux Mint, Cinnamon desktop. I wouldn’t consider going back.
My MSE has a place to manually update the definitions, but not the software itself. I think I have the general automatic updates turned off to try to keep out some of the Win10 style spyware that MS has been pushing out to Win7 users who refused the free 'upgrade' to 10. I guess I'll play around with things tomorrow evening. Too late to try to fight with MicroMess stuff tonight.
Maybe it’s what you get used to.
I run a dual boot, W10 and Linux Mint.
Hardly, if ever, do I boot in to Mint.
That's what I do. It's come in awfully handy a couple of times.
Frankly, that's the main reason I run Windows in VMs (virtual machines) these days. Doing a "backup" is simply making a copy of a (big) file. Doing a "restore" is simply copying it back. Quick and brainless.
That’s totally where I am.
The (evil - though they had some totally kool Yuge racing catamarans) Oracle’s Virtual Box seems to work well.
Takes minutes ilo endless hours...
I used VMWare player but it wanted to update every time it started. Now just Virtual Box for me.
I followed your “Redmond says” link...there’s nothing in the “Article” and “Download” columns for the Windows Defender entries...I guess MS is having a laugh at us...
Bookmark
Bookmark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.