Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's 'Malware Protection Engine' Had A Remote Code Execution Flaw (theregister.co.uk)

Posted by EditorDavid on from the who-watches-the-Watchmen? dept.

Slashdot reader Trax3001BBS shares an article from The Register: Microsoft posted an out-of-band security update Thursday to address a remote code execution flaw in its Malware Protection Engine. Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.

The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016... According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files. By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.

18 of 54 comments (clear)

  1. True enterprise grade by fubarrr · · Score: 1

    True enterprise grade bugs, now not only Apple's monopoly

    1. Re: True enterprise grade by Brockmire · · Score: 1

      Apple's bugs were not Enterprise grade, they were trivial. Stop trying to make Apple look better after another epic fail.

  2. I got a Mac instead of a Win10 laptop by Hal_Porter · · Score: 2

    Still, I've got to admit MS are doing a pretty decent job on security at the moment. This hole is already patched and the KRACK vulnerability was patched before it was made public

    https://www.bleepingcomputer.c...

    Pretty sneaky, Microsoft. While some vendors were scrambling to release updates to fix the KRACK Attack vulnerability released today, Microsoft, quietly snuck the fix into last week's Patch Tuesday.

    While Windows users were dutifully installing October 10th's Patch Tuesday security updates, little did they know they were also installing a fix for the KRACK vulnerability that was not publicly disclosed until today. This fix was installed via a cumulative update that included over 25 other updates, but didn't provide any useful info until you visited the associated knowledge basic article.

    Even if you were bored enough to actually click on the More info button, you would have had to be REALLY bored to even spot a reference to a vague mention of a wireless security update in the last bullet item of the knowledge base article.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    1. Re:I got a Mac instead of a Win10 laptop by Zero__Kelvin · · Score: 2

      The KRACK vulnerability was fixed on every OS before it was made public. That was the whole prerequisite to it being made public. You might as well congratulate your girlfriend on waiting to get an STD until after she had sex.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    2. Re: I got a Mac instead of a Win10 laptop by c6gunner · · Score: 1

      I would have been more impressed if she got an STD before she has sex.

    3. Re:I got a Mac instead of a Win10 laptop by Hal_Porter · · Score: 1

      Google took didn't fix it until after it was made public. Neither did Apple. And if you have an Android device you need to wait for the vendor to release it.

      https://techcrunch.com/2017/10...

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    4. Re: I got a Mac instead of a Win10 laptop by Zero__Kelvin · · Score: 1

      Yeah ... that's the point.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    5. Re: I got a Mac instead of a Win10 laptop by Zero__Kelvin · · Score: 3, Informative

      You should be careful where you get your news. That article says Microsoft was "leading the pack" even though OpenBSD had the fix months earlier because Theodore the rat violated the agreement for all vendors to wait and fix it at the same time. Linux also already had a fix. Google and Apple both had fixes as well; they just hadn't rolled them out to every device yet. If you know anything about Android you know it is outside of Google's control, just as the Linux team can't force every distro to roll out a patch. Again, "Microsoft is leading the pack here" is a bald faced lie.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    6. Re: I got a Mac instead of a Win10 laptop by Brockmire · · Score: 1

      Wow, about Theo. I wonder if that puts future disclosures at risk of being left out of early notification. Did he slip it in or was it obvious and noted in changelogs?

  3. Translation by slshdtisctrldbysjws · · Score: 2

    Remote Code Execution Flaw

    =

    Engineered Vulnerability

    The deck is stacked against us. Publicly traded companies and the federal government are the same entity. They are conspiring to throw us down into the deepest possible slavery and probably to kill/sterilize us once they have the machines to replace us.

    The possibility to resolve this problem without utter chaos lasting indefinitely is closing. Those of us who realize the threat need to band together NOW and bleed this system dry with sabotage and seek to rebuild our republic.

    --
    My karma was manually wiped by site staff https://slashdot.org/~slshdtisctrldbysjws 18 mod up, 10 mod down = bad karma
    1. Re:Translation by chill · · Score: 1

      You joke, but The Four Nobel Truths of Buddhism are:

      1) All life is suffering
      2) Suffering is caused by desire
      3) Eliminate desire and you eliminate suffering
      4) Follow the Noble Eightfold Path to eliminate desire.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:Translation by Zero__Kelvin · · Score: 2

      Great. Now if you would just take the final step and go "no computer" we would all appreciate it. Thanks.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  4. Re:I'm already secure against this by NicknameUnavailable · · Score: 1

    If you haven't caught on by now: Microsoft employs a form of rotating backdoor where a set of patches fix security holes but introduce new ones. It's a method to keep the backdoor secure against third parties while still allowing them access. It's technically "secure against this," unless you define "this" to mean "the backdoor" instead of "the specific implementation of the backdoor," in which case it is not and will likely never be.

  5. Yanno by nehumanuscrede · · Score: 1

    I refuse to even consider anything by APK, not because of who they are but, because of how often they spam their work on here.

    There is a point where advertising becomes counter-productive and I just start ignoring it or take steps to eradicate it.

  6. Microsoft Security Flaw? by hduff · · Score: 1

    https://i.imgur.com/he21BvU.jp...

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  7. Again! by Chris+Mattern · · Score: 1

    "Out of band" does not mean "unscheduled", you dozy twats!

  8. Re: Mine (no bugs to date for 5++ yrs. now) by Brockmire · · Score: 1

    I know you have lists of domains to block, but how are you avoiding using any DNS lookups to actually speed things up? Do you have millions of entries in your hosts file? Between 4-7% of my daily DNS traffic is blocked for ads. All the good sites still need to be looked up by DNS. Which doesn't change the speed at all using your hosts shit. Stop lying about the benefits of your fucking hosts app. You're clueless with all the supposed advantages you falsely claim. It's just a fucking list aggregator, it's nothing special. If someone gave you a cookie and a pat on the back, would you fuck off?

  9. Re:I'm already secure against this by phantomfive · · Score: 1

    Apparently you use a browser. Your security has a huge hole.

    --
    "First they came for the slanderers and i said nothing."