Microsoft Bug Threatens Malware Protection Engine

The software giant said the update fixes a bug in the Malware Protection Engine that an attacker could exploit to gain LocalSystem privileges and access to a machine. The vulnerability in the Microsoft Malware Protection Engine, which is the core of the anti-malware system in several pieces of Microsoft software, affects Microsoft Windows Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010 and the Malicious Software Removal Tool, which is what Microsoft uses to remove malware from Windows machines.

Microsoft added Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateway, Forefront Protection 2010 for Exchange Server, Forefront Threat Management Gateway 2010, Microsoft Forefront Security for SharePoint, Forefront Security for Office Communications Server and Microsoft Standalone System Sweeper are not affected by the bug.

"The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users," Microsoft wrote in the security bulletin.

Microsoft said the vulnerability in the Microsoft Malware Protection Engine is important, since it is a privilege-escalation bug. An attacker would already be authenticated to the local system in order to exploit the vulnerability, Microsoft said.

Sponsored post

"Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products," Microsoft said. "Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly."

Microsoft said no action is required of admins or end users to install the update to fix the vulnerability in the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment for the update will apply it within the next two days. Microsoft said the timing of the update depends on software used, Internet connection and infrastructure configuration.