Security Alert (A17-12-03): Vulnerability in Microsoft Malware Protection Engine
07 December 2017
Microsoft has released a security update addressing a vulnerability in the Microsoft Malware Protection Engine. A malicious crafted file could be used to exploit the vulnerability when a crafted file is scanned by the affected engine. The crafted file could be delivered in several ways, such as enticing a user to open an attached file in an email message or an Instant Messenger message, uploading a file to a Windows-based shared location, or browsing a malicious website.
Microsoft Endpoint Protection
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010
Microsoft Security Essentials
Windows Intune Endpoint Protection
A successful attack could lead to remote code execution and take control of the affected system.
Patch for affected products will apply from built-in mechanism for the automatic detection and deployment of Microsoft Malware Protection Engine.