Microsoft Releases Emergency Patch For RCE Vuln

Time to patch!

Late last night Microsoft released an emergency out-of-band patch to fix a vulnerability in Microsoft Malware Protection Engine (MsMpEng) that one of the researchers who found it called "the worst Windows remote code exec(ution) in recent memory," and for which US-CERT released an alert.

Announced over the weekend by a pair of researchers working for the Google Project Zero team, Tavis Ormandy and Natalie Silanovich, the vulnerability allows attackers to carry out remote code execution (RCE) by feeding MsMpEng a simple malicious file to trigger memory corruption. According to Silanovich, the vulnerability only requires a simple exploit to leverage, requiring so little code that it can fit in a single tweet. According to Microsoft Security Advisory 4022344, the affected version of the engine must scan the specially crafted file, but that can be easily achieved a number of ways.

"For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened," Microsoft advises. "In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server." 

Read more - click here.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization
    Written by

    Da Boss!

    ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization Ya know, if I was that into Mining I would…
  • CCleaner for Windows "Hacked" - Hackers Hid Backdoor
    Written by

    Da Boss!

    CCleaner for Windows "Hacked" - Hackers Hid Backdoor Welp...I'm s****! I use CCleaner all the time. So much…
    Read more...
  • Introducing Project “Honolulu”, our new Windows Server management experience
    Written by

    Da Boss!

    Introducing Project “Honolulu”, our new Windows Server management experience This looks pretty cool! I could see myself using it.
    Read more...
  • Windows 10 update due October 17
    Written by

    Da Boss!

    Windows 10 update due October 17 Great. I just got shoved the Creators update and spent…
    Read more...
  • Enhancing the “Open Command Prompt here” Context Menu experience
    Written by

    Da Boss!

    Enhancing the “Open Command Prompt here” Context Menu experience If you are like me and are missing the "Right…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.