Major Security Flaw Discovered in the Microsoft Malware Protection Engine

Dennis Faas's picture


It looks like Microsoft has once again scrambled to update a recently discovered vulnerability in their Malware Protection Engine, used by the Windows Defender security programs.

A security bulletin (MS07-010) has been issued by Microsoft (MS) for users of it's highly touted Windows Defender security program that affects 8 MS products.

The security bulletin, rated "critical" details how a remote code execution vulnerability in the Microsoft Malware Protection Engine because of the way it parses Portable Document Format (PDF) files.

Product and version numbers affected:

  • Windows Live OneCare -- 1.1.2101.0
  • Microsoft Antigen for Exchange 9.x --
  • Microsoft Antigen for SMTP Gateway 9.x --
  • Microsoft Windows Defender -- 1.1.2101.0
  • Microsoft Windows Defender in Windows Vista -- 1.1.2101.0
  • Microsoft Windows Defender x64 Edition -- 1.1.2101.0
  • Microsoft Forefront Security for Exchange Server --
  • Microsoft Forefront Security for SharePoint --

In a nutshell: an attacker could exploit the vulnerability by constructing a specially crafted PDF file that may allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection and cleaning capabilities for the following antivirus and antispyware clients: Windows Live OneCare, Microsoft Forefront Security, Microsoft Antigen, and Windows Defender.

Users of the affected software are encouraged to update their products immediately.

You do have to wonder though, how this type of flaw can happen when Microsoft keeps hyping up all the "security" of their new operating system.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
No votes yet