Microsoft released Security Advisory 4022344 about an update to the Microsoft Malware Protection Engine. The update addresses a security vulnerability that was reported to Microsoft.
The vulnerability addressed in the update could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. According to the Advisory,
"An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system."
An updated MSRT will be included with the Security Updates on May 9. Windows Defender will automatically update or can be manually launched and checked for updates.
References:
- Microsoft Security Advisory 4022344
- CVE-2017-0290: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
- The Microsoft Windows Malicious Software Removal Tool
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.