Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability
If your computer is running Microsoft’s Windows operating system, then you need to apply this emergency patch immediately. By immediately, I mean now!
Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) that could allow an attacker to take full control of a victim’s PC.
Enabled by default, Microsoft Malware Protection Engine offers the core cybersecurity capabilities, like scanning, detection, and cleaning, for the company’s antivirus and antimalware programs in all of its products.
According to Microsoft, the vulnerability affects a large number of Microsoft security products, including Windows Defender and Microsoft Security Essentials along with Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016, impacting Windows 7, Windows 8.1, Windows 10, Windows RT 8.1, and Windows Server.
Tracked as CVE-2017-11937, the vulnerability is a memory corruption issue which is triggered when the Malware Protection Engine scans a specially crafted file to check for any potential threat.
Flaw Lets Hackers Take Full Control of Your Computer
Successful exploitation of the flaw could allow a remote attacker to execute malicious code in the security context of the LocalSystem account and take control of the target’s computer.
Microsoft said an attacker could place a specially crafted malicious file in a location that is scanned by the Malware Protection Engine to exploit the memory corruption flaw which eventually leads to remote code execution.
“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user,” the report from Microsoft explained.
Other ways to deliver a specially crafted file could be via emails or Instant Messenger services. The attacker could also “take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server,” the report said.
Patch! Patch! Patch!
Microsoft assured its customers that the vulnerability was fixed before any misuses in the wild.
The company has released an out-of-band critical update for the flaw and advised users to install it as soon as possible. Most home users and many enterprise customers will get the emergency patch automatically over the air.
The security vulnerability was discovered and reported to Microsoft by the UK’s National Cyber Security Centre (NCSC), a cyber defence organization of Britain’s signals intelligence and cybersecurity agency, known as GCHQ.
The emergency fix comes just days before Microsoft is scheduled to roll out its December Patch Tuesday updates.
Now your take on this argument.
We would also like to hear what you feel about the topic we discussed today. Your feedback is very important to us. Feel free to drop your comments and recommendations. If you have a contrary opinion, you can drop that too.
You can also join our Facebook Page CRMNigeria for more updates. You can do that by clicking on the link or searching for our page on Facebook.
You need to confirm your subscription by clicking on the link sent to you. You can check the spam folder for it. Add us to your mailing list to receive directly from us.
PS: Click on the link below to sign up for my Online E-Course CRM Training. Make sure you confirm your subscription by clicking on the link sent to you. Thanks.
Adeniyi Salau (CCNA,CDMP, CEP, MOS, MCP, CSCU (Project 2016) is a Google and Beingcert Certified Digital Marketer, Project Manager and SEO Expert of repute with about a decade of Blogging and online marketing experience. He is always ready to share his experience with others.