Microsoft Malware Protection Engine

Google Project Zero researcher Thomas Dullien discovered a critical vulnerability in the Microsoft Malware Protection Engine (MMPE), the component that performs malware scanning, detection, and cleaning in Microsoft products such as Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, and Microsoft Forefront Endpoint Protection. The vulnerability, CVE-2018-0986, is a remote code execution flaw: because MMPE runs with LocalSystem privileges, an attacker who triggers it can execute arbitrary code and take complete control of the affected Windows machine.

No user interaction is required. MMPE's real-time protection scans incoming files automatically, so a specially crafted file delivered as an email attachment, through an instant messenger client, or by similar means is scanned, and the vulnerability triggered, as soon as it reaches the system.

Microsoft has fixed the flaw in engine version 1.1.14700.5. The update will be pushed to all vulnerable systems this week through the engine's normal automatic update mechanism, unless system owners and administrators have specifically blocked MMPE updates. The NJCCIC recommends that all Windows users and administrators review Microsoft's Security Advisory for CVE-2018-0986, ensure their systems are set to receive the update, and confirm afterward that the installed engine version is 1.1.14700.5 or later.
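As an added example, not part of the NJCCIC advisory or any Microsoft tooling, the following PowerShell script checks whether the installed engine is at or above 1.1.14700.5 using the Windows Defender module's Get-MpComputerStatus cmdlet, and pulls the latest engine/definition package with Update-MpSignature if it is not. The function names Test-MmpeEnginePatched and Get-MmpeStatus are assumed for illustration; the script assumes the Defender module is present (Windows 8.1 / Server 2012 R2 or later) and is run from an elevated prompt. Older products such as Forefront or System Center Endpoint Protection do not expose these cmdlets, so their engine version must be read from the product console instead.

```powershell
# Added example (not from the NJCCIC advisory or Microsoft): verify that the local
# Microsoft Malware Protection Engine carries the CVE-2018-0986 fix.
# Assumes the Windows Defender PowerShell module (Get-MpComputerStatus,
# Update-MpSignature) is available and the session is elevated.

# Fixed engine version stated in Microsoft's advisory for CVE-2018-0986.
$FixedEngineVersion = [version]'1.1.14700.5'

function Test-MmpeEnginePatched {
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [version]$Fixed = $FixedEngineVersion
    )
    # Compare as [version], which is numeric per component: 1.1.14800.1 is newer
    # than 1.1.14700.5, whereas a plain string comparison would get such cases wrong.
    $installed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$installed)) {
        throw "Unrecognised engine version string: '$EngineVersion'"
    }
    return ($installed -ge $Fixed)
}

function Get-MmpeStatus {
    # Hypothetical helper: gathers the fields an administrator needs for this check.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        throw "Get-MpComputerStatus is not available on this host; read the engine version from the product console instead."
    }
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        EngineVersion        = $status.AMEngineVersion
        Patched              = Test-MmpeEnginePatched -EngineVersion $status.AMEngineVersion
        RealTimeProtectionOn = $status.RealTimeProtectionEnabled
        LastSignatureUpdate  = $status.AntivirusSignatureLastUpdated
    }
}

$report = Get-MmpeStatus
$report | Format-List

if (-not $report.Patched) {
    Write-Warning "Engine $($report.EngineVersion) is older than $FixedEngineVersion; requesting the latest engine/definition package."
    # Engine updates are delivered with definition updates, so this fetches the fix
    # as long as the host is allowed to reach Windows Update / Microsoft Update (or WSUS).
    Update-MpSignature
    $after = Get-MmpeStatus
    if ($after.Patched) {
        Write-Host "Engine is now $($after.EngineVersion); CVE-2018-0986 fix is present."
    } else {
        Write-Warning "Engine is still $($after.EngineVersion); MMPE updates may be blocked by policy or awaiting WSUS approval."
    }
}
```

Run the script on a representative host before and after the update window; a host that still reports an engine below 1.1.14700.5 after Update-MpSignature is the case the advisory warns about, where engine updates have been blocked or are not yet approved for distribution.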