Microsoft fixes security flaw in malware protection engine


Microsoft fixes security flaw in malware protection engine

Warwick Ashford

Microsoft has patched a flaw in its malware protection engine that could be exploited to gain control of victim's computer.

The Malware Protection Engine is used in Windows Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010, and the Microsoft Malicious Software Removal Tool.

The vulnerability could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key, the company said in a security advisory.

The security update has been pushed out to users of Microsoft's security products via the company's automatic update to patch the elevation of privilege vulnerability.

Microsoft said the update would have been automatic for enterprises, providing administrators had ensured that definition and engine updates were approved in their update management software.

"Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products," the company said.

Microsoft claims there have been no exploits of the flaw, which was reported to the company by an independent security researcher.

Version 1.1.6502.0 is the latest version of the Microsoft Malware Protection Engine affected by this vulnerability, which is fixed from version 1.1.6603.0.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy