Tuesday, June 17, 2014

Microsoft Security Advisory 2974294, Malware Protection Engine

Security Advisory
Microsoft released Security Advisory 2974294 which relates to a vulnerability which could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file.

Microsoft is not aware of code existing for the vulnerability.

The vulnerability affects the following software:
  • Microsoft Forefront Client Security
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Forefront Security for SharePoint Service Pack 3
  • Microsoft System Center 2012 Endpoint Protection
  • Microsoft System Center 2012 Endpoint Protection Service Pack 1
  • Microsoft Malicious Software Removal Tool (May 2014 or earlier)
  • Microsoft Security Essentials
  • Microsoft Security Essentials Prerelease
  • Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
  • Windows Defender for Windows RT and Windows RT 8.1
  • Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
  • Windows Defender Offline
  • Windows Intune Endpoint Protection 
Microsoft Forefront Server Security Management Console and Microsoft Internet Security and Acceleration (ISA) Server are not affected because they do not use the Malware Protection Engine.

Recommendations 

Due to update mechanism, an updated Malware Protection Engine will be applied within 48 hours of release, the timing dependent upon location and Internet connection.  Thus, action on your part is not required.

To update Microsoft Security Essentials now, merely launch MSE and check for updates.  The updated Engine Version is 1.1.10701.0 or higher.  To check, click the arrow next to Help and click About.

Microsoft Security Essentials



References:


Remember - "A day without laughter is a day wasted." May the wind sing to you and the sun rise in your heart...

No comments: