18 Jun 2014

Vulnerability in anti-malware engine allows denial of service attacks, Microsoft warns

The Microsoft Malware Protection Engine contains a security vulnerability that exposes several Microsoft antimalware products to denial-of-service attacks, according to a Microsoft advisory.

Attackers can interrupt scanning with a specially crafted file that causes the engine to time out. If real-time scanning is on, this happens during automatic file monitoring. If it’s not, the attacker needs to wait until a scheduled scan occurs to exploit the vulnerability.

Until the file is manually removed and the service restarted, the anti-malware solution can’t monitor the affected system.

The file can be delivered to the victim’s computer via email, instant messaging apps or malicious websites.

The anti-malware technology is integrated in products such as Microsoft Security Essentials, Windows Defender for Windows RT and Windows RT 8.1, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7.

Customers are advised to verify they are running the latest version of the anti-malware engine.

“Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release,” Microsoft said. “The exact time frame depends on the software used, Internet connection, and infrastructure configuration.”