Two days ago, Microsoft published a Malware Protection Engine vulnerability in Security Advisory 4022344. In the meantime, an urgent security patch has been pushed out.
The Microsoft Malware Protection Engine is used by many of Microsoft's products, such as Windows Defender and Microsoft Security Essentials on consumer PCs, and also by products such as Microsoft Endpoint Protection, Microsoft Forefront, Microsoft System Center Endpoint Protection, or Windows Intune Endpoint Protection on the business side.
An attacker can achieve remote code execution through a specially crafted file: it is enough for that file to be scanned by one of the products that use the Malware Protection Engine.
The vulnerability was found by the Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich, who withheld the details from the public and gave Microsoft 90 days to create a patch. Tavis wrote on 6 May on his Twitter page that this is the “worst Windows remote code exec in recent memory“.
In order to check whether or not you are affected by the vulnerability, follow the steps below exactly:
- Tap the Windows key on your keyboard, type Windows Defender and hit Enter to load the application. (On Windows 10 Creators Update this launches Windows Defender Security Center.)
- Click the cogwheel icon in the lower left part of the interface and select the About link.
- Check that the Engine Version is at the very least 1.1.13704.0.
If the Engine Version is lower than 1.1.13704.0, update the affected product immediately.
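The same check can be scripted, which is handier than clicking through the About dialog on every machine. The following PowerShell snippet is an added example and is not part of the original post or of any Microsoft tooling. It assumes the Defender PowerShell module (Get-MpComputerStatus, whose AMEngineVersion property holds the engine build) is available, and falls back to an EngineVersion value under the Windows Defender "Signature Updates" registry key, a location that is an assumption here and may differ per product. The minimum build 1.1.13704.0 is the one named above.

```powershell
# Added example (not from the original post): report whether the local
# Malware Protection Engine is at or above the patched build 1.1.13704.0.

$PatchedEngine = [version]'1.1.13704.0'   # minimum engine version named in the advisory

function Get-MpEngineVersion {
    # Preferred source: the Defender cmdlet (Windows 8 / Server 2012 and later).
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
        if ($status -and $status.AMEngineVersion) {
            return [version]$status.AMEngineVersion
        }
    }
    # Fallback: registry value (assumed path; verify it for your product,
    # e.g. Microsoft Security Essentials on older Windows versions).
    $regPath = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'
    $reg = Get-ItemProperty -Path $regPath -Name EngineVersion -ErrorAction SilentlyContinue
    if ($reg -and $reg.EngineVersion) {
        return [version]$reg.EngineVersion
    }
    return $null   # engine version could not be determined
}

function Test-MpEnginePatched {
    param([version]$Minimum = $PatchedEngine)
    $current = Get-MpEngineVersion
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        EngineVersion = $current
        Minimum       = $Minimum
        # Compare as [version], never as strings: "1.1.9999.0" sorts above
        # "1.1.13704.0" lexically but is an older, still vulnerable build.
        Patched       = ($null -ne $current) -and ($current -ge $Minimum)
    }
}

Test-MpEnginePatched
```

A result with Patched set to $false (or an empty EngineVersion, which means the check could not read the version and the host deserves a manual look) should be treated as unpatched; on hosts with the Defender module, Update-MpSignature pulls the current engine together with the definitions, after which the check can be re-run.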
We’re glad that the Malware Protection Engine got a fix patch so quickly. I’ve just updated early this morning, because, as you can see, my Engine Version was below the recommended one.