Microsoft Issues Emergency Patch for Critical Flaw in Windows Security

  /     /     /  
Publicated : 22/11/2024   Category : security

Microsoft Issues Emergency Patch for Critical Flaw in Windows Security


Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agencys National Cyber Security Centre (NCSC).


Microsoft late yesterday issued an emergency patch for its major Windows malware protection tool that fixes a critical vulnerability discovered by the UKs National Cyber Security Centre (NCSC), an arm of the Government Communications Headquarters (GCHQ) intelligence agency.
The remote code execution vulnerability (CVE-2017-11937) in the Microsoft Malware Protection Engine would allow an attacker to gain full control of Windows 7, 8, 10, and Windows Server systems via the Windows Defender feature that uses it. Also affected by the flaw are Microsoft Endpoint Protection, Microsoft Exchange Server 2013 and 2016, Microsoft Forefront Endpoint Protection, Microsoft Forefront Endpoint Protection 2010, and Microsoft Security Essentials.
An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights, Microsoft said in its security alert.
An exploit would require a special crafted file be scanned by the malware protection engine, and the malicious file could be served to a victim via email, a website, instant message, or via a hosting server, Microsoft said. Systems with Windows real-time protection enabled automatically get updated with the patch.
See Microsofts advisory
here
for more details.
 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Microsoft Issues Emergency Patch for Critical Flaw in Windows Security