Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43445
  • Total Topics: 16537
  • Online today: 2794
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2775
Total: 2777









Author Topic: Microsoft patch bug in Malware Protection Engine  (Read 2937 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Microsoft patch bug in Malware Protection Engine
« on: 24. February 2011., 07:30:27 »


Microsoft has patched a bug in its malware scanning engine that could be used as a stepping stone for an attacker looking to seize control of a Windows box.

The bug is fixed in an update to the Microsoft Malware Protection Engine that was pushed out to users of Microsoft's security products on Wednesday. It's what's known as an elevation of privilege vulnerability -- something that could be used by an attacker who already has access to the Windows system to gain complete administrative control.

Microsoft hasn't seen anyone take advantage of the bug yet -- the flaw was reported to the company by security researcher Cesar Cerrudo -- but Microsoft thinks that hackers could develop code that reliably exploits the issue.

In an instant message interview, Cerrudo, the CEO of security research firm Argeniss, said he disclosed the bug publicly at the Black Hat security conference in July 2010: http://www.argeniss.com/research/TokenKidnappingRevengePaper.pdf
But because the hacker would already need have access to the machine to pull off this attack, he doesn't believe that it presents a major security risk to most users.

"This vulnerability could be exploited remotely, for instance on Internet Information Server, but the attacker will need to be able to upload an execute code on IIS," he said. "Sites that allow users to upload Web pages, they are more at risk."

Microsoft rates the issue as "important."

An attacker could take advantage of the flaw by changing a Windows registry key to a special value, which would then be processed by the malware engine at its next scan.

This would be useful if the criminal was already on a machine that had locked-down user privileges. "An attacker who successfully exploited this vulnerability could execute arbitrary code... and take complete control of the system," Microsoft said in a security advisory, released Wednesday. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights": http://www.microsoft.com/technet/security/advisory/2491888.mspx

The issue is fixed in Version 1.1.6603.0 of the Malware Protection Engine, which is used in Windows Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010, and the Microsoft Malicious Software Removal Tool.

Consumers should get the fix automatically as part of Microsoft's monthly update to its malware scanner.

This isn't the first time that Microsoft has found bugs in its security software. It reported bugs in the Malware Protection Engine back in 2007: http://www.microsoft.com/technet/security/bulletin/ms07-010.mspx and 2008: http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx

(CW)

Samker's Computer Forum - SCforum.info

Microsoft patch bug in Malware Protection Engine
« on: 24. February 2011., 07:30:27 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023