Microsoft Issues Silent Fix for Critical Bug in Malware Protection Engine

By Marcos Colon

A critical vulnerability impacting Microsoft’s Malware Protection Engine was patched by the company on Wednesday, May 24.

If exploited, the flaw could allow an attacker to achieve remote code execution, according to Threatpost.

Google Project Zero researcher Tavis Ormandy discovered the vulnerability and privately disclosed it to the computing giant.

“MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables,” Ormandy wrote in a recent post detailing the flaw. “The emulator runs as NT AUTHORITY\SYSTEM and isn’t sandboxed. Browsing the list of win32 APIs that the emulator supports, I noticed ntdll!NtControlChannel, an ioctl-like routine that allows emulated code to control the emulator.”

This silent fix comes on the heels of the emergency patch issued by Microsoft on May 9, which also addressed a bug in the Malware Protection Engine.
