If your computer is usually running Microsoft’s Windows operating system, then you need to apply This particular emergency patch immediately. By immediately, I mean at This particular point!
Microsoft has just released an emergency security patch to address a critical remote code execution (RCE) vulnerability in its Malware Protection Engine (MPE) of which could allow an attacker to take full control of a victim’s PC.
Enabled by default, Microsoft Malware Protection Engine offers the core cybersecurity capabilities, like scanning, detection, as well as cleaning, for the company’s antivirus as well as antimalware programs in all of its products.
According to Microsoft, the vulnerability affects a large number of Microsoft security products, including Windows Defender as well as Microsoft Security Essentials along with Endpoint Protection, Forefront Endpoint Protection, as well as Exchange Server 2013 as well as 2016, impacting Windows 7, Windows 8.1, Windows 10, Windows RT 8.1, as well as Windows Server.
Tracked as CVE-2017-11937, the vulnerability is usually a memory corruption issue which is usually triggered when the Malware Protection Engine scans a specially crafted file to check for any potential threat.
Flaw Lets Hackers Take Full Control of Your Computer
Successful exploitation of the flaw could allow a remote attacker to execute malicious code within the security context of the LocalSystem account as well as take control of the target’s computer.
Microsoft said an attacker could place a specially crafted malicious file in a location of which is usually scanned by the Malware Protection Engine to exploit the memory corruption flaw which eventually leads to remote code execution.
“There are many ways of which an attacker could place a specially crafted file in a location of which is usually scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system of which is usually scanned when the website is usually viewed by the user,” the report through Microsoft explained.
some other ways to deliver a specially crafted file could be via emails or Instant Messenger services. The attacker could also “take advantage of websites of which accept or host user-provided content, to upload a specially crafted file to a shared location of which is usually scanned by the Malware Protection Engine running on the hosting server,” the report said.
Patch! Patch! Patch!
Microsoft assured its customers of which the vulnerability was fixed before any misuses within the wild.
The company has released an out-of-band critical update for the flaw as well as advised users to install the item as soon as possible. Most home users as well as many enterprise customers will get the emergency patch automatically over the air.
The security vulnerability was discovered as well as reported to Microsoft by the UK’s National Cyber Security Centre (NCSC), a cyber defense organization of Britain’s signals intelligence as well as cybersecurity agency, known as GCHQ.
The emergency fix comes just days before Microsoft is usually scheduled to roll out its December Patch Tuesday updates.