Submitted via IRC for Bytram
Microsoft has posted an out-of-band security update to address a remote code execution flaw in its Malware Protection Engine.
Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.
The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016.
[...] According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files.
By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.
(Score: 3, Funny) by inertnet on Sunday December 10 2017, @12:48PM (4 children)
If an attack is found it should be named 'Canola'.
(Score: 1, Touché) by Anonymous Coward on Sunday December 10 2017, @01:12PM (3 children)
I see what you did there.
(Score: 2) by takyon on Sunday December 10 2017, @01:16PM (2 children)
I don't see what internet did there. Where am I?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Sunday December 10 2017, @01:53PM
Or, for symmetry, if an attack is found it should be named 'Google'.
(Score: 2) by arslan on Sunday December 10 2017, @10:18PM
There's another article following this about Canola oil and Memory...
(Score: 0) by Anonymous Coward on Sunday December 10 2017, @04:43PM (2 children)
... with extra layers that are composed of code that can be exploited.
Tell me again how professional this stuff all is...
(Score: 0) by Anonymous Coward on Sunday December 10 2017, @06:59PM
It's a band-aid for Aids.
(Score: 2) by c0lo on Sunday December 10 2017, @10:47PM
It's not professional, it's Essential.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Monday December 11 2017, @12:51PM
Real professional work M$! Worse security than nothing. And this shit is getting old
MSE Bug Crashes Windows XP [soylentnews.org]
'Crazy Bad' Bug in Microsoft's Windows Malware Scanner Can be Used to Install Malware [soylentnews.org]
(Score: 2) by Grishnakh on Monday December 11 2017, @05:02PM (1 child)
The MS Malware Protection engine has never worked at all: for it to actually work, it needs to block Windows.
(Score: 2) by Freeman on Monday December 11 2017, @06:45PM
Blocking Windows would just create a paradox. Would need to do something useful, like trade the core for Unix / Linux. Then we could finally get the answer to that "Linux is only secure, because it's not used enough" argument I've heard thrown around a few times.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"