Microsoft Issues Silent Fix for Critical Bug in Malware Protection Engine

May 31, 2017
By Marcos Colon

A critical vulnerability impacting Microsoft’s Malware Protection Engine was patched by the company on Wednesday, May 24.

If exploited, the flaw would ultimately allow an attacker to achieve remote code execution, according to Threatpost.

Google Project Zero researcher Tavis Ormandy discovered the vulnerability and privately disclosed it to the computing giant.

“MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables,” Ormandy wrote in a recent post detailing the flaw. “The emulator runs as NT AUTHORITY\SYSTEM and isn’t sandboxed. Browsing the list of win32 APIs that the emulator supports, I noticed ntdll!NtControlChannel, an ioctl-like routine that allows emulated code to control the emulator.”

This silent fix comes on the heels of the emergency patch issued by Microsoft on May 9, which also addressed a bug in the Malware Protection Engine.