
Microsoft has announced the release of a patch for a denial of service (DoS) vulnerability in the company's Malware Protection Engine, which affects multiple products, including Windows Defender, Forefront, Security Essentials and others.

“The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file,” the Microsoft advisory explained. “An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.”

The advisory says there are several ways an attacker could get the specially crafted file needed for a successful DoS attack scanned by the Microsoft Malware Protection Engine. One is setting up a malicious website; another is abusing websites that accept user-provided content, where the attacker could upload the specially crafted file, which would then be scanned by the Malware Protection Engine running on the host server.

“If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.”

Microsoft said the patch for this vulnerability will be automatically pushed out to the Microsoft Malware Protection Engine within the next 48 hours, and in most cases no measures will be required to install the update.

“Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.”
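Because the exact time frame for the automatic engine update depends on the product, connectivity and infrastructure, administrators may want to confirm that a host has actually picked up the new engine rather than assume it has. The following PowerShell check is an added example, not part of the Microsoft advisory or the article; it uses the built-in Defender module (`Get-MpComputerStatus`, `Update-MpSignature`), which is available on Windows 8 / Server 2012 and later but not on Forefront or Security Essentials, and the fixed engine version is a placeholder that must be replaced with the value given in the advisory for your product.

```powershell
# Added example (not from the advisory): report the Malware Protection Engine
# version and real-time protection state, and pull an update if the engine is
# still below the fixed build instead of waiting out the 48-hour window.
$FixedEngineVersion = [version]'0.0.0.0'   # PLACEHOLDER: fixed engine version from the advisory

$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

# Summary an administrator can collect from each host
[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    EngineVersion        = $engine
    EnginePatched        = ($engine -ge $FixedEngineVersion)
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    SignatureVersion     = $status.AntivirusSignatureVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
}

if ($engine -lt $FixedEngineVersion) {
    # Engine updates ship through the same channel as definition updates,
    # so forcing a definition update pulls the new engine as well.
    Update-MpSignature
}
```

The `RealTimeProtection` field matters because, as the advisory notes, a host with real-time protection enabled scans files automatically and is therefore exposed as soon as a crafted file lands on it; hosts showing an unpatched engine with real-time protection on are the ones to prioritise.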
