Microsoft recently released an out of cycle update to fix a critical flaw in the Microsoft Malware Protection Engine (MMPE). Due to a vulnerability in an open source archive package, a Google research found that by sending a maliciously crafted file to a computer running MMPE, you can exploit this flaw to execute code and gain complete control of computers running unpatched Microsoft antimalware products. Watch the video below for more details. Products running MMPE should automatically update themselves, but you should double check they did.
Episode Runtime: 2:26
Direct YouTube Link: https://www.youtube.com/watch?v=w-MKi7kDXVk
EPISODE REFERENCES:
- Out-of-cycle MMPE advisory – Microsoft
- Microsoft patches critical MMPE Flaw – Techspot
- Open source blows hole in Windows Defender – The Register
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply