Microsoft has issued an update to its core malware protection engine that fixes a bug that could allow an attacker to gain LocalSystem privileges on a vulnerable machine if a specific set of odd conditions exist.
The vulnerability in the Microsoft Malware Protection Engine is a privilege-escalation bug, so an attacker would already need to be authenticated on the local system in order to exploit it, the company said.
“The update addresses a privately reported vulnerability that could
allow elevation of privilege if the Microsoft Malware Protection Engine
scans a system after an attacker with valid logon credentials has
created a specially crafted registry key. An attacker who successfully
exploited the vulnerability could gain the same user rights as the
LocalSystem account. The vulnerability could not be exploited by
anonymous users.Since the Microsoft Malware Protection Engine is a
part of several Microsoft anti-malware products, the update to the
Microsoft Malware Protection Engine is installed along with the updated
malware definitions for the affected products,” the company said in its security bulletin.
The Malware Protection Engine is the heart of the anti-malware system that Microsoft uses in a number of its offerings, including Windws Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010 and the Malicious Software Removal Tool. The MSRT is the core tool that Microsoft uses to remove malware from Windows machines.
The update to the Malware Protection Engine update that includes the fix for this vulnerability was a general update and was not issued just to fix the privilege-escalation bug. Microsoft said it is not issuing a separate bulletin for the bug.