Microsoft’s Malware Protection Engine is an important part of the security defences of the Windows operating system, but it was recently left exposed by a ‘critical’ security flaw.
Windows uses the engine to conduct regular security scans, but the UK National Cyber Security Centre recently identified flaws, which had been uncovered by GCHQ.
The US software giant is calling on users to implement the update straightaway. The bug provides remote attackers with the ability to run arbitrary code on a number of different versions of the Windows operating system, including Windows 7, Windows 8 and 8.1, Windows 10, and Windows Server 2016.
Unless the update is installed, the Malware Protection Engine fails to scan a specially crafted file properly, and as a result an attacker can execute arbitrary code.
An attacker who manages this runs with the privileges of the LocalSystem account and can take control of the affected system. From there, they are able to change data and install programmes.
“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine,” warned Microsoft.
“For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user.”
To make use of this flaw, an attacker has to create a specially crafted file and deliver it to the target computer. They can do this through email and IM messages.
“An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened,” added Microsoft.
“In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”
US-CERT has also released a statement on the bug, saying: “Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.”