For the second month in a row, Microsoft Corp. has released a security-related patch ahead of its traditional “Patch Tuesday” release, addressing a critical vulnerability in its Windows Defender security software.
The patch released by Microsoft today directly addresses a vulnerability tracked as CVE-2018-0986. It affects the Microsoft Malware Protection Engine, a core component of Windows Defender that is also used by Microsoft Security Essentials, Microsoft Forefront Endpoint Protection 2010, Microsoft Exchange Server 2013 and 2016 and Windows Intune Endpoint Protection.
The vulnerability was described by Microsoft as a remote code execution vulnerability where the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. Using the vulnerability, attackers could execute arbitrary code in the security context of the LocalSystem account and take control of a targeted system, allowing them to install programs, edit or delete data and create new accounts.
Explaining why the vulnerability was rated as “critical,” Microsoft said that there are many ways that a specially crafted file could be used to take over a system and that such a file could be delivered by a website, email or messaging. “If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited,” Microsoft added. “All systems running an affected version of antimalware software are primarily at risk.”
For users of the affected versions, the good news is that no action is required because the software itself will automatically apply the updates, which will be rolled out over the next 48 hours.
The cause of the vulnerability is attributed to Microsoft using a forked version of the open-source compression software UnRAR in its Malware Protection Engine and subsequently introducing defects into it. Calling it a “fork-and-bork,” The Register reported that the code was modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. In turn, that is said to have left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to execute.
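The following is an added illustration of the bug class described above, not code from Microsoft's engine or from UnRAR. It uses a constructed, length-prefixed block format (not the RAR format) to show how a bounds check that is sound with signed integers is silently defeated when the same variables are flipped to unsigned, and what a hardened unsigned check looks like. The header layout, the `MIN_PAYLOAD` constant and the sample byte strings are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed block header (assumption, not a real archive format): each block
 * declares its total size and the size of its own header; the payload is
 * whatever follows the header inside the block. */
#define MIN_PAYLOAD 1u   /* a block must carry at least this much payload */

/* Original style: signed arithmetic. A header claiming to be larger than its
 * own block yields a negative payload length, which the comparison rejects. */
static bool payload_ok_signed(int32_t block_size, int32_t header_size)
{
    int32_t payload = block_size - header_size;     /* negative when header > block */
    return payload >= (int32_t)MIN_PAYLOAD;         /* negative payload fails here */
}

/* "Fork-and-bork": identical expression, variables flipped to unsigned. The
 * subtraction now wraps to a value near 4 billion, which satisfies the
 * minimum-size test, so a bogus length flows on to whatever copies the payload. */
static bool payload_ok_unsigned_borked(uint32_t block_size, uint32_t header_size)
{
    uint32_t payload = block_size - header_size;    /* wraps instead of going negative */
    return payload >= MIN_PAYLOAD;                  /* wrapped value passes: check defeated */
}

/* Hardened unsigned version: validate the operands before subtracting, and
 * cap the declared size against the bytes actually present in the buffer. */
static bool payload_ok_unsigned_fixed(uint32_t block_size, uint32_t header_size,
                                      uint32_t bytes_available)
{
    if (header_size > block_size) return false;     /* subtraction would wrap */
    if (block_size > bytes_available) return false; /* declared more than we hold */
    return block_size - header_size >= MIN_PAYLOAD;
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk a buffer of consecutive blocks using the hardened check. Returns the
 * number of blocks accepted, or -1 at the first block that fails validation.
 * Every read is guarded by the remaining length, so malformed input is
 * rejected rather than acted upon. */
static int count_blocks(const uint8_t *buf, uint32_t len)
{
    uint32_t off = 0;
    int n = 0;
    while (off < len) {
        if (len - off < 8) return -1;               /* truncated header */
        uint32_t bs = rd_le32(buf + off);
        uint32_t hs = rd_le32(buf + off + 4);
        if (hs < 8) return -1;                      /* header smaller than its own two fields */
        if (!payload_ok_unsigned_fixed(bs, hs, len - off)) return -1;
        off += bs;                                  /* cannot overflow: bs <= len - off */
        n++;
    }
    return n;
}

/* Constructed sample inputs (little-endian block_size, header_size, payload). */
static const uint8_t good_archive[] = {
    12, 0, 0, 0,  8, 0, 0, 0,  'a', 'b', 'c', 'd',  /* 12-byte block, 4-byte payload */
    10, 0, 0, 0,  8, 0, 0, 0,  'e', 'f',            /* 10-byte block, 2-byte payload */
};
static const uint8_t bad_archive[] = {
    8, 0, 0, 0,  64, 0, 0, 0,                       /* header claims 64 bytes in an 8-byte block */
};

int main(void)
{
    printf("signed check,   header 64 in block 16: %d\n", payload_ok_signed(16, 64));
    printf("borked check,   header 64 in block 16: %d\n", payload_ok_unsigned_borked(16, 64));
    printf("hardened check, header 64 in block 16: %d\n", payload_ok_unsigned_fixed(16, 64, 128));
    printf("good archive blocks accepted: %d\n", count_blocks(good_archive, sizeof good_archive));
    printf("bad  archive blocks accepted: %d\n", count_blocks(bad_archive, sizeof bad_archive));
    return 0;
}
```

The borked variant is exactly the pattern the article describes: nothing in the expression changed except the types, and the `>=` comparison that previously caught a negative length now passes a wrapped one. The defensive rule the fixed variant follows is to test the operands (`header_size > block_size`) before performing unsigned subtraction, and to bound every declared size by the bytes actually available.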