
Microsoft Emergency Security Patch – Remote Code Execution Bug

December 8, 2017

On Wednesday, Microsoft announced an emergency security patch, CVE-2017-11937, that addresses a remote code execution bug in its malware protection engine, mpengine.dll. According to Microsoft, “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The company added, “For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

Affected Microsoft Products include:

  • Windows Defender in Windows 7, Windows 8.1 and Windows 10
  • Microsoft Security Essentials
  • Endpoint Protection
  • Forefront Endpoint Protection
  • Exchange Server 2013 and 2016

It is important to note that Windows XP may also be affected, but it is no longer supported by Microsoft and thus no fix is being distributed for that version of the operating system.

Because of the severity of the vulnerability, Microsoft did not rely on Windows Update, electing instead to deliver an updated version of mpengine.dll automatically, regardless of whether Windows Update was turned on.
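Because the fix arrives through the engine's own automatic update channel rather than through Windows Update, the practical check is whether the engine version on each host has actually moved past the fixed version. The following PowerShell script is an added example, not code from the original post or from Automox; it assumes a Windows 8.1/10 or Windows Server 2012+ host with the built-in Defender module (`Get-MpComputerStatus`, `Update-MpSignature`). The fixed engine version is not stated on this page, so the script takes it as a mandatory parameter to be filled in from Microsoft's advisory rather than hard-coding a guess.

```powershell
<#
  Added example (not from the original post): verify that the Microsoft
  Malware Protection Engine (mpengine.dll) on this host has been updated.
  Usage: .\Check-MpEngine.ps1 -FixedEngineVersion <version from the advisory>
#>
param(
    # Engine version that carries the fix, taken from the Microsoft advisory (placeholder: supplied by the caller).
    [Parameter(Mandatory = $true)]
    [version]$FixedEngineVersion,

    # If the engine is stale, trigger an engine/definition update attempt.
    [switch]$ForceUpdate
)

# The Defender module is assumed to be present (Windows 8.1/10, Server 2012+).
Import-Module Defender -ErrorAction Stop

$status  = Get-MpComputerStatus
$engine  = [version]$status.AMEngineVersion
$updated = ($engine -ge $FixedEngineVersion)

$result = [pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    EngineVersion       = $engine
    RequiredVersion     = $FixedEngineVersion
    EngineUpdated       = $updated
    # Age in days of the last signature package; engine updates ship with definitions,
    # so a large age usually means the host is not reaching the update source at all.
    SignatureAgeDays    = $status.AntivirusSignatureAge
    RealTimeProtection  = $status.RealTimeProtectionEnabled
}

if (-not $updated -and $ForceUpdate) {
    # Engine updates are delivered with definition updates; this pulls the latest package now.
    Update-MpSignature -ErrorAction Stop
    $result.EngineVersion = [version](Get-MpComputerStatus).AMEngineVersion
    $result.EngineUpdated = ($result.EngineVersion -ge $FixedEngineVersion)
}

$result
```

Run it across a fleet with `Invoke-Command` and filter on `EngineUpdated -eq $false`; hosts that also report a high `SignatureAgeDays` are the ones whose automatic engine updates are not arriving and deserve a look at proxy or update-source configuration. Windows 7 hosts running Microsoft Security Essentials and the Exchange/Forefront products listed below do not expose this module, so for those the engine version has to be read from the product's own console or update log.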

This is the latest issue to plague Microsoft's malware protection engine and has cybersecurity experts revisiting earlier criticism that Microsoft didn't sandbox Windows Defender. Sandboxing is a common practice for isolating specific software from the rest of the computer, thereby reducing the chance that a critical vulnerability such as this one could compromise the entire operating system.

Microsoft can thank the U.K. National Cyber Security Centre intelligence agency for the discovery of this vulnerability. To date, there are no known exploits, and applying the patch as quickly as possible is the best way to eliminate the threat.

For questions or help with Microsoft patching, email us anytime. We want to minimize your vulnerability footprint by making it easier than ever for you to keep your infrastructure patched and secure.

Holly Hamann, CMO


Holly Hamann serves as Automox's Chief Marketing Officer and is an entrepreneur and start-up veteran. She has helped launch six tech companies in the social media, content, video, and marketing software industries and specializes in SaaS software marketing, content marketing, and influencer marketing. She is an American Marketing Association "Marketer of the Year" recipient and holds a Bachelor's Degree in Mathematics and Computer Science.
