Cve-2017-11937 Patch Download


Microsoft has fixed a critical remote code execution bug (CVE-2017-11937) in the Malware Protection Engine, which ships in a variety of products, including Windows Defender (Windows 8 and above) and Microsoft Security Essentials.

According to a security advisory, the flaw leads to a memory corruption error when a specially crafted file is scanned by the affected malware scanning tools. It could allow an attacker to run arbitrary code on the target machine, and take control of the system with Local System privileges to install programs, manipulate files, or create new user accounts with full user rights.

Microsoft said they aren’t aware of any instance where the vulnerability has been actively exploited in the wild. It can be triggered if real-time protection is turned on for an affected version of the Microsoft Malware Protection Engine. Even with real-time protection disabled, the risk remains, since an attacker can simply wait for a scheduled scan to trigger the vulnerability.

The remote code execution bug in the software was first reported to Microsoft by the British security agency GCHQ’s information security arm, the National Cyber Security Centre. The list of affected software includes Windows Defender, Microsoft Security Essentials, Microsoft Forefront Endpoint Protection, Microsoft Exchange Server 2013 & 2016, and Microsoft Endpoint Protection.

Download

Microsoft has released a security patch to address the bug. Users do not need to do anything: the built-in mechanism in the malware scanning tool automatically downloads and installs engine updates whenever an active internet connection is available. The security patch will also be part of the monthly cumulative update (aka Patch Tuesday) releasing on December 12.


Patch

Many malware researchers were surprised to find an unexpected patch on their machines yesterday. It didn’t arrive through the front door — Windows Update wasn’t involved. Instead, the new version of mpengine.dll arrived automatically, around the back, even if you have Windows Update turned off.

This vulnerability is particularly nasty. If the Malware Protection Engine scans a jimmied file, the file can take over your computer and run whatever it wants. Since the MPE routinely runs all the time, in the background, that means a bad file could infect your computer in myriad ways. To quote Microsoft’s Security Vulnerability notice:


There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.

… and that, my friend, is one whopper of a security hole. It’s easily on a par with the bug in the Malware Protection Engine's JavaScript engine that I talked about on May 9.

The list of affected systems reads like a who’s who of the Windows world: All versions of Win10, 8.1 and 7, Win RT 8.1, Server 2016, Forefront Endpoint Protection, Exchange Server, Server 2008 R2 with Desktop Experience. Those are only the supported versions of Windows. WinXP appears to be vulnerable as well, although there’s no fix being distributed.

Catalin Cimpanu at bleepingcomputer has more details, including a pedigree that traces the discovery of the flaw to the U.K. National Cyber Security Centre. He lists three additional “crazy bad” security holes in mpengine.dll from earlier this year.

To see if you’ve been updated properly, bring up Windows Defender and look at the Engine Version. (I have instructions for Win 7, 8.1 and 10 in my May 9 report.) If you see Engine Version 1.1.14306, your machine hasn’t caught up yet.

If your machine isn’t yet up to the latest version, 1.1.14405.2, I strongly suggest that you not touch the machine until it updates itself. Go get a cup of coffee, and it’ll likely be done by the time you’re back.
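If you would rather check from PowerShell than from the Defender UI, the following is an added example (it is not from the original article and not Microsoft's code). It reads the engine version with Get-MpComputerStatus, compares it to the 1.1.14405.2 fix named above, and if the engine is still old, asks Defender for an update and re-checks. It assumes the Defender PowerShell module is present, which is the case on Windows 8.1, Windows 10 and Server 2016 with Windows Defender; Windows 7 with Microsoft Security Essentials does not ship that module, so there you still use the UI.

```powershell
# Added example, not from the original article. Assumes the Windows Defender
# PowerShell module (Get-MpComputerStatus, Update-MpSignature) is available.

# First engine version that carries the CVE-2017-11937 fix, per the article.
$FixedEngine = [version]'1.1.14405.2'

function Test-MpEngineFixed {
    # Returns $true when the local Malware Protection Engine is at or above
    # the fixed version, $false otherwise.
    $status  = Get-MpComputerStatus
    $current = [version]$status.AMEngineVersion
    Write-Host ("Engine {0}, signatures {1}, real-time protection: {2}" -f
        $current, $status.AntivirusSignatureVersion, $status.RealTimeProtectionEnabled)
    return ($current -ge $FixedEngine)
}

if (Test-MpEngineFixed) {
    Write-Host "OK: engine is at or above $FixedEngine, CVE-2017-11937 fix is present."
} else {
    Write-Host "Engine is older than $FixedEngine; requesting a definition update."
    # Engine updates are delivered through the same channel as definition
    # updates, so a signature update pulls the new mpengine.dll as well.
    Update-MpSignature
    if (Test-MpEngineFixed) {
        Write-Host "Updated: engine now at or above $FixedEngine."
    } else {
        Write-Host "Still old after update; check that the machine can reach the update service."
    }
}
```

On a fleet, the same check can be run against remote machines by passing `-CimSession` to Get-MpComputerStatus; the version comparison uses the `[version]` type so that `1.1.14405.2` sorts correctly after `1.1.14306.0` rather than as a string.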

Join us for more patching fun ‘n games on the AskWoody Lounge.