Intelligence Agencies Start Sharing Vulnerabilities – UK’s GCHQ Helps Microsoft Fix Flaws in Windows Defender

– Originally published on December 7

Microsoft is releasing an emergency security patch to fix a remote code execution bug in its Malware Protection Engine. Microsoft’s Malware Protection Engine provides the scanning, detection, and cleaning capabilities for the company’s antivirus and anti-spyware software. The Redmond software giant writes that the vulnerability can be triggered when the Malware Protection Engine scans a specially crafted downloaded file to check it for potential threats. Tracked as CVE-2017-11937, the flaw is believed to have been addressed before any exploitation in the wild.


When Malware Engine needs protection from malware…

Microsoft said that attackers could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine to exploit a memory corruption bug enabling them to execute code remotely. “There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine,” the company warned.

“For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

Attackers are able to exploit this remote code execution vulnerability because the Microsoft Malware Protection Engine fails to properly scan a specially crafted file, leading to memory corruption. Redmond explained:

“An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The company added that if real-time scanning is not enabled, “the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited”. The fix that has been released by the company addresses the vulnerability by correcting the way the Microsoft Malware Protection Engine scans specially crafted files.

The security flaw affects Windows Defender in Windows 7, Windows 8.1, and Windows 10, as well as Microsoft Security Essentials, Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016. Apparently, it was the UK’s National Cyber Security Centre (NCSC) that discovered these flaws and helped the Redmond software giant fix them. GCHQ and other intelligence agencies are notorious for hoarding vulnerabilities for their own surveillance uses. It appears that they may be changing their ways a little to appear more helpful to tech companies.


More details about the affected products and the bug that has been rated as critical are available over at Microsoft. The company said that the patch should be installed automatically.
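Since the fix ships through the engine's own automatic updates, a defender will want to confirm a host actually received it rather than assume so. The following is an added check, not code from the article or from Microsoft; it assumes the Defender PowerShell module (Windows 8.1/10 and recent servers, not Windows 7 with Security Essentials), and the fixed engine version is a placeholder because the article does not state it.

```powershell
# Added example: confirm the Malware Protection Engine version on this host
# and report whether real-time scanning is on. Not from the article.
# PLACEHOLDER: the article gives no fixed engine version; take the value
# from Microsoft's advisory for CVE-2017-11937 before relying on this check.
$FixedEngineVersion = [version]'0.0.0.0'

# Get-MpComputerStatus is part of the built-in Defender module.
$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

Write-Host "Engine version:       $engine"
Write-Host "Real-time protection: $($status.RealTimeProtectionEnabled)"
Write-Host "Signatures updated:   $($status.AntivirusSignatureLastUpdated)"

if ($engine -lt $FixedEngineVersion) {
    Write-Warning "Engine is older than the fixed version; pulling the latest engine and definitions."
    # The engine fix is delivered through the same channel as definition updates.
    Update-MpSignature
} else {
    Write-Host "Engine is at or above the fixed version."
}

if (-not $status.RealTimeProtectionEnabled) {
    # Per the advisory, with real-time scanning off a crafted file is only
    # processed at the next scheduled scan. That delays, not prevents, the
    # problem; the remedy is the engine update, so keep real-time scanning on
    # once the engine is current.
    Write-Warning "Real-time protection is disabled on this host."
}
```

Run it elevated; on a fleet, feed the engine version and the real-time flag into inventory rather than trusting that automatic updates landed everywhere.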
