Categories
Malware

Vulnerability in Microsoft Malware Protection Engine allows DoS-attack

Yesterday, June 17, Microsoft released an unscheduled security bulletin, which reported a new vulnerability in the kernel of Microsoft Malware Protection Engine, vulnerability could allow denial of service attack (DoS) if the Microsoft Malware Protection Engine scans a specially crafted file.

Affected Software;

  • Microsoft Forefront Client Security
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Forefront Security for SharePoint Service Pack 3
  • Microsoft System Center 2012 Endpoint Protection
  • Microsoft System Center 2012 Endpoint Protection Service Pack 1
  • Microsoft Malicious Software Removal Tool (only for version as of May 2014 or earlier)
  • Microsoft Security Essentials
  • Microsoft Security Essentials Prerelease
  • Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
  • Windows Defender for Windows RT and Windows RT 8.1
  • Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
  • Windows Defender Offline
  • Windows Intune Endpoint Protection

Microsoft Security Advisory

Updates for the Microsoft Malware Protection Engine are sent through security advisories.

No action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

By Mohammad Rafati

I write on Powershell, Hacking and Security topics. Follow me for the latest news.