Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Windows Security Software Gets Emergency Patch

May 10, 2017

Security software should protect you from malware and not make your computer more vulnerable. Not so with several of Microsoft's products, including Windows Defender. Engadget reported that Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich tweeted about discovering "the worst Windows remote code exec in recent memory." According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in the Microsoft Malware Protection Engine (MMPE), the company's own antivirus engine, and could be used to fully compromise Windows PCs without any user interaction. The impacted software includes:

  • Windows Defender
  • Windows Intune Endpoint Protection
  • Microsoft Security Essentials
  • Microsoft System Center Endpoint Protection
  • Microsoft Forefront Security for SharePoint
  • Microsoft Endpoint Protection
  • Microsoft Forefront Endpoint Protection

If you are running any of the impacted software products (Microsoft's Defender security software comes enabled by default on Windows 7, 8.1, RT 8.1, Windows 10 and Windows Server 2016), make sure you apply the patch as soon as possible.

Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com