Microsoft has patched a remote code execution vulnerability impacting the Microsoft Malware Protection Engine – mpengine.dll – which provides the scanning, detection and cleaning capabilities for Microsoft’s various anti-virus and anti-spyware software including Windows Defender.
The vulnerability is deemed critical.
To exploit the vulnerability, Microsoft says a specially crafted file must be scanned by an unpatched version of the Microsoft Malware Protection Engine. An attacker could deliver the file in a variety of ways – by using a malicious website, through e-mail, by uploading it to a shared directory or even via a messaging client.
An attacker who successfully exploits the vulnerability could take control of a system and install programs. Bad actors could also view, change or delete data and even create new accounts with full user rights.
The update, Microsoft said, corrects the manner in which the Microsoft Malware Protection Engine scans specially crafted files.
Updates to the Microsoft Malware Protection Engine are typically released once a month, although exceptions are made in cases like this.
Fortunately, no action is required by end users. The built-in mechanism for detection and deployment of updates should automatically apply the patch within 48 hours of release, although Microsoft says the exact timeframe will depend on the software used, your Internet connection and infrastructure configuration.