Microsoft Releases Emergency Patch For RCE Vuln

Time to patch!

Late last night Microsoft released an emergency out-of-band patch to fix a vulnerability in Microsoft Malware Protection Engine (MsMpEng) that one of the researchers who found it called "the worst Windows remote code exec(ution) in recent memory," and for which US-CERT released an alert.

Announced over the weekend by a pair of researchers working for the Google Project Zero team, Tavis Ormandy and Natalie Silanovich, the vulnerability allows attackers to carry out remote code execution (RCE) by feeding MsMpEng a simple malicious file to trigger memory corruption. According to Silanovich, the vulnerability only requires a simple exploit to leverage, requiring so little code that it can fit in a single tweet. According to Microsoft Security Advisory 4022344, the affected version of the engine must scan the specially crafted file, but that can be easily achieved a number of ways.

"For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened," Microsoft advises. "In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server." 

Read more - click here.

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • Microsoft and Facebook just laid a 160-terabits-per-second cable 4,100 miles across the Atlantic
    Written by
    Microsoft and Facebook just laid a 160-terabits-per-second cable 4,100 miles across the Atlantic Awesome.. Microsoft, Facebook, and the telecoms infrastructure company Telxius have…
  • iOS 11 is causing massive battery drain problems
    Written by

    Da Boss!

    iOS 11 is causing massive battery drain problems Sometimes, it's a good thing to just wait for the…
    Read more...
  • Meth found in 7-Up in Mexico
    Written by

    Da Boss!

    Meth found in 7-Up in Mexico Meth in 7-Up. What's next? 
    Read more...
  • ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization
    Written by

    Da Boss!

    ASUS B250 Mining Expert LGA 1151 Motherboard - supports up to 16x GPU, Mining Mode BIOS Optimization Ya know, if I was that into Mining I would…
  • CCleaner for Windows "Hacked" - Hackers Hid Backdoor
    Written by

    Da Boss!

    CCleaner for Windows "Hacked" - Hackers Hid Backdoor Welp...I'm s****! I use CCleaner all the time. So much…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.