Android

Microsoft Issues Emergency Security Update For A 'Critical' Vulnerability

Written by admin


Recently, the tech giant Microsoft has announced the publication of an emergency security patch that they have catalogued as important. Everything seems to indicate that the vulnerability to be solved is found in the so-called Malware Protection Engine, which is part of the security tool.

Microsoft Issues Emergency Security Update For A ‘Critical’ Vulnerability

Redmond company, of course, the tech giant Microsoft have announced the publication of an emergency security patch that they have catalogued as important. Everything seems to indicate that the vulnerability to be solved is found in the so-called Malware Protection Engine, which is part of the security tool that comes pre-installed in the latest Windows operating systems.

Why is it so important to carry out this update?

For all those who are not informed about the work of this software, we will carry out a brief explanation. A simple way to get the issue settled is to indicate that we are facing an antivirus system. Yes, it sounds really weird, but it is true.

It is a software that is equipped with functions related to the cybersecurity of the equipment. From scanning of the equipment in search of threats, passing through a real-time analysis of running processes or blocking Internet access using the firewall included in the system. Both solutions are activated by default, hence it is a very serious update, as indicated by the tech giant Microsoft.

What are the versions of Windows that are affected?

Before continuing, it is important to indicate that actually which devices are likely to be affected by this vulnerability, as the information has not been clear from the beginning. There was the talk of only the computers with Windows 10. Later it has been known that the problem is applied from Windows 7 in advance, to reach the current version and without forgetting Windows Server.

What is CVE-2017-11937?

The security experts of the US company have detected a bug that appears in the Malware Protection Engine (from now on MPE) when it proceeds to perform the analysis of a file with a certain content. This causes access to memory addresses beyond the zone allowed by the operating system and achieves remote execution of the code.

Successful exploitation of the MPE (Malware Protection Engine) vulnerability of the proprietary antimalware tool means that the attacker can enjoy full control over the affected computer. However, the tech giant Microsoft indication that the use of this vulnerability is not complicated. It would be enough for the user to download a file with the precise content of a web or as an attachment to an email message and wait for the tool to perform the analysis.

What is the Solution?

The tech giant Microsoft simply urge to perform a system update through Windows Update tool simply to prevent third parties from taking advantage of this vulnerability. Moreover, currently, the patch is now available for all the versions of Windows operating system from Windows 7 to the latest Windows 10.

So, what do you think about this vulnerability? Simply share all your views and thoughts in the comment section below.

About the author

admin

Leave a Comment