Microsoft, Patching Up Vulnerabilities for Windows 7

Last Friday, Microsoft released a new security update that brings patches for major security flaws. One of the most important ones is the one found in the Microsoft Malware Protection Engine (MsMpEng), which is an essential security service part for the entire ecosystem. The bug wore the codename CVE-2017-8558 and it had an influence on an x86 emulator that came together with the Malware Protection Engine. The vulnerability was discovered by Tavis Ormandy, who is a researcher for Google Project Zero.

A Dangerous Flaw

This particular flaw let attackers run code on the victim’s computer. As such, they could gain LocalSystem privileges, thus taking over the entire system. And the method was shockingly easy. It required the attacker to send a malicious and malformed file to the victim with the help of various methods: through file download, email, chat message or making people access certain websites that have the JS file.

In fact, there is no need for any user interaction, since the MsMpEng will immediately start to scan the new content. As such, immediate access is granted to the attacker. Obviously, this was a big issue, and even more so since the Malware Protection Engine is a built-in service for all the versions of the Windows OS since Windows 7.

Moreover, it’s an essential component of lots of Microsoft security products: Microsoft Security Essentials, Windows Defender, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, as well as the Microsoft Forefront Endpoint Protection. As such, the attacker can pass through all these systems.

If such an issue gets sold on hacking forums, malicious people may get as much as millions of dollars. And no wonder, since many people would give an arm to have access to all the Windows computers found at this moment on Earth.

More on this topic

Leave a Reply

Samsung Flip Phone
Samsung’s New 5G Flip Phone to be called W20 5G, Leaked in China
GTA 6 release date
Grand Theft Auto 6 Gameplay Images Emerge Online – Real or Fake?
Apple MacBook Pro
Renewed Laptops on Offer in the Mid-Price Range
Samsung Galaxy S10
Android 10 Beta Release for Samsung Galaxy Note 10 and S10 To Be Announced
Android Apple Gaming How To Internet iPhone Personal Computers Review Site review The Top Best
Searching for the best desktops under $1500? Check these out

With PCs under $1500, you can enjoy high-end gaming and also...

The Last Of Us Part II
The Last Of Us Part II: Release Date 2019, Rumors And News

Although the first part of The Last of Us appeared conclusive...

Want to buy a new tablet? Here is our pick of the best Android tablets

Are you looking for the best Android tablet? In today’s mobile...