RCE, DoS Holes Plugged in MMPE

Tuesday, May 30, 2017 @ 03:05 PM gHale


Sometimes fixing one issue, leads to other problems and that seems to be the case with the Microsoft Malware Protection Engine (MMPE).

The MMPE remote code execution flaw ended up fixed, but now another MMPE security update released that mitigated eight flaws that could lead to remote code execution (RCE) or to a denial of service (DoS).

RELATED STORIES
XP Under New Attack
Patch Tuesday Moves to Fend Off Attacks
Microsoft Malware System Hole Fixed
Hackers Jump on Patched Zero Day

Given that MMPE powers an amount of Microsoft antimalware software, DoS vulnerabilities should be considered serious, since a successfully exploited vulnerability could prevent the MMPE from monitoring affected systems until the service restarts.

All these vulnerabilities – CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542 – ended up discovered by Google Project Zero researcher Mateusz Jurczyk.

He found them through fuzzing.

No specific details were offered, except they can end up triggered by a specially crafted file that has to be scanned by an affected version of the MMPE in order for the exploit to work.

Such a file could be offered for download on a website, or delivered via email or instant message.

“In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server,” Microsoft said.

The security issues have been fixed in version 1.1.13804.0 of the Microsoft Malware Protection Engine.

The newest version of the engine is usually automatically downloaded and implemented by the security software that uses it.



Leave a Reply

You must be logged in to post a comment.