Microsoft Fixes Flaw in Malware Protection

Wednesday, June 18, 2014 @ 05:06 PM gHale


Microsoft updated its Malware Protection Engine to fix a security vulnerability that could allow a denial of service (DoS) if the Microsoft Malware Protection Engine scans a specially crafted file.

The flaw affects the engine that provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.

RELATED STORIES
Extreme Risk: SMBs Still Using XP
Big Patch Tuesday for Microsoft
Warning over XP Update Trap
How to Mitigate Potential XP Vulnerabilities

“An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted,” the company said in its advisory.

“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine,” they said. “For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

“If the affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.”

The good news is enterprise administrators or end users do not have to do anything about this – the default configuration in Microsoft anti-malware software helps ensure malware definitions and the engine stay up to date automatically.

The vulnerability is not undergoing exploitation in the wild. Tavis Ormandy of Google Project Zero shared information about the flaw.



Leave a Reply

You must be logged in to post a comment.