In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.
Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.
Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.
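The update check described above can be audited per host. The script below is an added example, not code from Microsoft or from this article; it assumes Windows Defender with the Defender PowerShell module available. The patched engine version is not given on this page, so it is a mandatory parameter, and the 24-hour definition age threshold is an assumption.

```powershell
# Added example: report whether this host's Defender engine and definitions are current.
param(
    # Patched engine version for the CVEs discussed here. Not stated on this page:
    # take it from Microsoft's advisory and pass it in.
    [Parameter(Mandatory)] [version] $MinimumEngineVersion,
    # Assumed threshold: definitions normally ship about three times daily, so a
    # full day without a new set suggests the update channel is not working.
    [int] $MaxDefinitionAgeHours = 24
)

function Get-DefenderUpdateState {
    param([version] $MinimumEngineVersion, [int] $MaxDefinitionAgeHours)

    $status  = Get-MpComputerStatus
    $engine  = [version] $status.AMEngineVersion
    $updated = $status.AntivirusSignatureLastUpdated

    # A host that has never received definitions has no timestamp: treat as stale.
    $ageHours = if ($updated) { ((Get-Date) - $updated).TotalHours } else { [double]::PositiveInfinity }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ServiceEnabled     = $status.AMServiceEnabled
        EngineVersion      = $engine
        EngineUpToDate     = $engine -ge $MinimumEngineVersion
        DefinitionVersion  = $status.AntivirusSignatureVersion
        DefinitionAgeHours = [math]::Round($ageHours, 1)
        DefinitionsFresh   = $ageHours -le $MaxDefinitionAgeHours
    }
}

$state = Get-DefenderUpdateState $MinimumEngineVersion $MaxDefinitionAgeHours

if (-not ($state.EngineUpToDate -and $state.DefinitionsFresh)) {
    # Request an update check now instead of waiting for the next scheduled one,
    # then read the state again so the report reflects the result.
    Update-MpSignature
    $state = Get-DefenderUpdateState $MinimumEngineVersion $MaxDefinitionAgeHours
}

$state
```

A host that still reports `EngineUpToDate` as false after the forced check is not receiving updates and needs its update source investigated.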
About CVE-2017-11937 and CVE-2017-11940 (Remote Code Execution)
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs, view, change, or delete data or create new accounts with full user rights.
The following software versions or editions are affected:
- Microsoft Endpoint Protection
- Microsoft Exchange Server 2013, 2016
- Microsoft Forefront Endpoint Protection, 2010
- Microsoft Security Essentials
- Windows Defender
- Windows Intune Endpoint Protection
This security vulnerability was discovered and reported to Microsoft by the UK’s National Cyber Security Centre (NCSC), a cyber defense organization of Britain’s signals intelligence and cyber security agency, known as GCHQ.