Microsoft Issues Fix for Bug in Malware Protection Engine

Microsoft has issued an update to its core malware protection engine that fixes a bug that could allow an attacker to gain LocalSystem privileges on a vulnerable machine if a specific set of odd conditions exist.

The vulnerability in the Microsoft Malware Protection Engine is a privilege-escalation bug, so an attacker would already need to be authenticated on the local system in order to exploit it, the company said.

"The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products," the company said in its security bulletin.

The Malware Protection Engine is the heart of the anti-malware system that Microsoft uses in a number of its offerings, including Windws Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010 and the Malicious Software Removal Tool. The MSRT is the core tool that Microsoft uses to remove malware from Windows machines.

The update to the Malware Protection Engine update that includes the fix for this vulnerability was a general update and was not issued just to fix the privilege-escalation bug. Microsoft said it is not issuing a separate bulletin for the bug.

Commenting on this Article is closed.