• by Ray Schultz , December 26, 2017

Microsoft has issued an update to correct a hole in its malware protection capability.

The problem occurs when Microsoft’s Malware Protection Gnine does not scan a file, leading to memory corruption, the firm states in a security announcement.

An attacker could exploit this opening to “use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user,” Microsoft writes. “An attacker could choose to deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened.” 

The company continues: “If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned."

It adds, if real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk.

The update corrects the way the malware engine scans the files, Microsoft says.   The company credits the UK's National Cyber Security Centre (NCSC).

Microsoft has received kudos for its quick action.

“The good news here is that the patch for this critical Windows flaw was deployed rather swiftly,” TectGenix writes. “Even better, users may already have the updated version of the Windows OS that contains this patch.”