Microsoft announced a security advisory for the Microsoft Malware Protection Engine on June 17, 2014.  Microsoft states that, “the vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.”

Microsoft has said that typically no action is required by enterprise administrators or end users, as the built-in mechanism will automatically update the engine within 48 hours depending on the software being used, and the Internet connection.

To determine if your system is at risk, please review the chart below:

Last version of the Microsoft Malware Protection Engine affected by this vulnerability Version 1.1.10600.0
First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.10701.0*

 

Leave a Reply

Your email address will not be published. Required fields are marked *

16 + 3 =