Microsoft Issues Emergency Patch for Critical Flaw in Windows Security

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft Issues Emergency Patch for Critical Flaw in Windows Security


Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agencys National Cyber Security Centre (NCSC).



Microsoft late yesterday issued an emergency patch for its major Windows malware protection tool that fixes a critical vulnerability discovered by the UKs National Cyber Security Centre (NCSC), an arm of the Government Communications Headquarters (GCHQ) intelligence agency.
The remote code execution vulnerability (CVE-2017-11937) in the Microsoft Malware Protection Engine would allow an attacker to gain full control of Windows 7, 8, 10, and Windows Server systems via the Windows Defender feature that uses it. Also affected by the flaw are Microsoft Endpoint Protection, Microsoft Exchange Server 2013 and 2016, Microsoft Forefront Endpoint Protection, Microsoft Forefront Endpoint Protection 2010, and Microsoft Security Essentials.
An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights, Microsoft said in its security alert.
An exploit would require a special crafted file be scanned by the malware protection engine, and the malicious file could be served to a victim via email, a website, instant message, or via a hosting server, Microsoft said. Systems with Windows real-time protection enabled automatically get updated with the patch.
See Microsofts advisory
here
for more details.
 

Last News

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Issues Emergency Patch for Critical Flaw in Windows Security