Microsoft released Security Advisory 2974294 which relates to a vulnerability which could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file.
Microsoft is not aware of code existing for the vulnerability.
The vulnerability affects the following software:
- Microsoft Forefront Client Security
- Microsoft Forefront Endpoint Protection 2010
- Microsoft Forefront Security for SharePoint Service Pack 3
- Microsoft System Center 2012 Endpoint Protection
- Microsoft System Center 2012 Endpoint Protection Service Pack 1
- Microsoft Malicious Software Removal Tool (May 2014 or earlier)
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
- Windows Defender for Windows RT and Windows RT 8.1
- Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- Windows Defender Offline
- Windows Intune Endpoint Protection
RecommendationsDue to update mechanism, an updated Malware Protection Engine will be applied within 48 hours of release, the timing dependent upon location and Internet connection. Thus, action on your part is not required.
To update Microsoft Security Essentials now, merely launch MSE and check for updates. The updated Engine Version is 1.1.10701.0 or higher. To check, click the arrow next to Help and click About.
- CVE Reference: CVE-2014-2779
- MSRC: Microsoft releases Security Advisory 2974294
- Tech Net Advisory: Microsoft Security Advisory 2974294, Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...