Microsoft fixes Security Essentials, Forefront products bug

A Microsoft security advisory alerts users that an automatic update will repair a flaw in the Malware Protection Engine used across all of its antimalware products.

Microsoft has issued an advisory alerting customers of a security update that fixes a vulnerability across all of its antimalware products, including Security Essentials and its Forefront enterprise endpoint suite.

The software glitch is located in the software giant's Malware Protection Engine (MPE). It could allow an attacker to gain an elevation of privilege if the software scans a system after the attacker deploys a malicious registry key on a computer. Microsoft rates the vulnerability "important" because the flaw cannot be exploited by anonymous users.

Microsoft said the update is automatically installed with updated malware definitions for affected products. In most cases, the update will be deployed automatically in the next 48 hours with no action required of enterprise administrators, Microsoft said.

"Administrators of enterprise installations should follow their established internal processes to ensure the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly," Microsoft said in its advisory.

Microsoft antimalware software affected by the vulnerability includes Microsoft Windows Live OneCare, Microsoft Security Essentials, Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft Forefront Endpoint Protection 2010 and the Microsoft Malicious Software Removal Tool (MSRT).

An update fixing the vulnerability in the MSRT will be issued March 8, Microsoft said, noting that updating the tool is a lower priority since an attacker cannot exploit the vulnerability by running MSRT manually.

~Robert Westervelt

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close