Microsoft patches critical Malware Protection Engine flaw

Shawn Knight

Microsoft has patched a remote code execution vulnerability impacting the Microsoft Malware Protection Engine – mpengine.dll – which provides the scanning, detection and cleaning capabilities for Microsoft’s various anti-virus and anti-spyware software including Windows Defender.

The vulnerability is deemed critical in nature.

To exploit the vulnerability, Microsoft says a specially crafted file must be scanned by an unpatched version of the Microsoft Malware Protection Engine. An attacker could deliver the file in a variety of ways – by using a malicious website, through e-mail, by uploading it to a shared directory or even via a messaging client.

An attacker who successfully exploits the vulnerability could take control of a system and install programs. Bad actors could also view, change or delete data and even create new accounts with full user rights.

The update, Microsoft said, corrects the manner in which the Microsoft Malware Protection Engine scans specially crafted files.

Updates to the Microsoft Malware Protection Engine are typically released once a month, although in cases like this exceptions are made.

Fortunately, no action is required by end users. The built-in mechanism for detection and deployment of updates should automatically apply the patch within 48 hours of release, although Microsoft says the exact timeframe will depend on the software used, your Internet connection and your infrastructure configuration.

I just clicked Check for Updates and am receiving this:
2018-03 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4089848)
I "assume" it is part of this.
 
> I just clicked Check for Updates and am receiving this:
> 2018-03 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4089848)
> I "assume" it is part of this.
Hello, I have that update above, but my Mpengine.dll file is STILL dated from Sept 2017, so it is NOT in that update. I suspect it is done dynamically, rather like the Norton Live Update method. It seems to be phased in, depending on location and hardware type, and maybe WINVER version too.
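The article says the engine update arrives automatically within about 48 hours, and the post above checks the date on mpengine.dll to see whether it has landed. The PowerShell script below is an added example, not code from the article or from any commenter, that checks the same thing two ways: it reads the engine version Defender reports through Get-MpComputerStatus, and it reads the file version of the newest mpengine.dll under the Definition Updates folder. The page does not state the fixed engine version, so the minimum version is a placeholder parameter to be filled in from Microsoft's advisory; the ProgramData path pattern is an assumption about a typical installation.

```powershell
# Added example: verify which Microsoft Malware Protection Engine is actually
# in use, then compare it against a required minimum. Not from the article.
# $MinimumEngineVersion is a PLACEHOLDER; the page does not give the fixed
# version, so supply the value from Microsoft's advisory for this update.
param(
    [version]$MinimumEngineVersion = '0.0.0.0'   # placeholder, see above
)

# 1. What Defender itself reports (engine, signatures, last signature update).
$status  = Get-MpComputerStatus
$engine  = [version]$status.AMEngineVersion
Write-Host "Engine version    : $engine"
Write-Host "Signature version : $($status.AntivirusSignatureVersion)"
Write-Host "Signatures updated: $($status.AntivirusSignatureLastUpdated)"

# 2. The engine DLL on disk. Engine updates are delivered with definition
#    updates; the path pattern below is an assumption about typical layouts,
#    so adjust it if your deployment stores definitions elsewhere.
$defRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Definition Updates'
$dll = Get-ChildItem -Path $defRoot -Filter 'mpengine.dll' -Recurse -ErrorAction SilentlyContinue |
       Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($dll) {
    Write-Host "mpengine.dll      : $($dll.FullName)"
    Write-Host "  file version    : $($dll.VersionInfo.FileVersion)"
    Write-Host "  last written    : $($dll.LastWriteTime)"
    # The loaded engine and the newest DLL should agree; a mismatch usually
    # means the service has not yet picked up the new definition package.
    if ([version]$dll.VersionInfo.FileVersion -ne $engine) {
        Write-Warning "Reported engine $engine differs from on-disk DLL $($dll.VersionInfo.FileVersion)."
    }
} else {
    Write-Warning "No mpengine.dll found under $defRoot (path assumption may not match this machine)."
}

# 3. Enforce the minimum. Update-MpSignature pulls the latest definition and
#    engine package on demand instead of waiting for the scheduled check.
if ($engine -lt $MinimumEngineVersion) {
    Write-Warning "Engine $engine is older than required $MinimumEngineVersion; running Update-MpSignature."
    Update-MpSignature
    $after = [version](Get-MpComputerStatus).AMEngineVersion
    Write-Host "Engine version after update: $after"
    if ($after -lt $MinimumEngineVersion) { exit 1 }
}
Write-Host "Engine version meets the minimum." -ForegroundColor Green
```

Run it from an elevated PowerShell prompt as `.\Check-MpEngine.ps1 -MinimumEngineVersion <version from the advisory>`; a non-zero exit code lets a management tool flag machines that are still on the old engine.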
 
Defender didn't defend my wife's Surface. I used Malware hunter to get rid of the malware and loaded Avast on all 3 machines that were using Defender. I also sent Microsoft a message about a sys32 variant getting through Defender. My wife Facebooks a lot and she clicked on something in Facebook that gave her a gift.
 
> Defender didn't defend my wife's Surface. I used Malware hunter to get rid of the malware and loaded Avast on all 3 machines that were using Defender. I also sent Microsoft a message about a sys32 variant getting through Defender. My wife Facebooks a lot and she clicked on something in Facebook that gave her a gift.
Instead of witch hunting privacy, one REAL contribution for FB would be to scan and ensure all uploads were clean!!
 
> Defender didn't defend my wife's Surface. I used Malware hunter to get rid of the malware and loaded Avast on all 3 machines that were using Defender. I also sent Microsoft a message about a sys32 variant getting through Defender. My wife Facebooks a lot and she clicked on something in Facebook that gave her a gift.
Unfortunately NO single AV product will be 100% at detection of viruses and malware. IT Pros agree that a two-pronged (layered) defence is best, using a combination of 2 AV items together. NOT 2 full AV suites of course, but as an example, I use Norton Internet Security (now just called Norton Security), plus Malwarebytes, where the free version is used to scan manually for malware (the full paid-for version has 4 real-time active checking modules for malware/exploits/web/ransomware). For Internet banking, I also have the IBM Product Trusteer Rapport (an add-in for most browsers to hide login keystrokes from any possible "man-in-the-middle" attack). Rapport is recommended by most major banks. I have NEVER had any issues with that combination.
 
Back