Security Management Strategies for the CIOMicrosoft has issued an advisory alerting customers of a security update that fixes a vulnerability across all of its antimalware products, including Security Essentials and its Forefront enterprise endpoint suite.
The software glitch is located in the software giant's Malware Protection Engine (MPE). It could allow an attacker to gain an elevation of privilege if the software scans a system after the attacker deploys a malicious registry key on a computer. Microsoft rates the vulnerability "important" because the flaw cannot be exploited by anonymous users.
Microsoft said the update is automatically installed with updated malware definitions for affected products. In most cases, the update will be deployed automatically in the next 48 hours with no action required of enterprise administrators, Microsoft said.
"Administrators of enterprise installations should follow their established internal processes to ensure the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly," Microsoft said in its advisory.
Microsoft antimalware software affected by the vulnerability includes Microsoft Windows Live OneCare, Microsoft Security Essentials, Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft Forefront Endpoint Protection 2010 and the Microsoft Malicious Software Removal Tool (MSRT).
An update
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
fixing the vulnerability in the MSRT will be issued March 8, Microsoft said, noting that updating the tool is a lower priority since an attacker cannot exploit the vulnerability by running MSRT manually.
~Robert Westervelt
Join the conversationComment
Share
Comments
Results
Contribute to the conversation