Microsoft Releases Emergency Patch For RCE Vuln

Time to patch!

Late last night Microsoft released an emergency out-of-band patch to fix a vulnerability in Microsoft Malware Protection Engine (MsMpEng) that one of the researchers who found it called "the worst Windows remote code exec(ution) in recent memory," and for which US-CERT released an alert.

Announced over the weekend by a pair of researchers working for the Google Project Zero team, Tavis Ormandy and Natalie Silanovich, the vulnerability allows attackers to carry out remote code execution (RCE) by feeding MsMpEng a simple malicious file to trigger memory corruption. According to Silanovich, the vulnerability only requires a simple exploit to leverage, requiring so little code that it can fit in a single tweet. According to Microsoft Security Advisory 4022344, the affected version of the engine must scan the specially crafted file, but that can be easily achieved a number of ways.

"For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened," Microsoft advises. "In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server." 

Read more - click here.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • Exportizer - Export Database Tool
    Written by
    Exportizer - Export Database Tool Every once in a while, I throw-up a piece of…
    Read more...
  • Visual Studio Code - PowerShell - C# - Python - Just About Anything
    Written by
    Visual Studio Code - PowerShell - C# - Python - Just About Anything So, yesterday I was having an issue with the website…
    Read more...
  • How to Use Windows 10’s Storage Spaces to Mirror and Combine Drives
    Written by

    Da Boss!

    How to Use Windows 10’s Storage Spaces to Mirror and Combine Drives This is a terrific article for those who are in…
    Read more...
  • 10 hidden iPhone tricks
    Written by

    Da Boss!

    10 hidden iPhone tricks My family uses the iPhone mostly (I'm an Android guy) and…
    Read more...
  • How to Create a Virtual Machine Clone
    Written by

    Da Boss!

    How to Create a Virtual Machine Clone I happen to use a LOT of VM's in my…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.