Sending a booby-trapped file by e-mail is enough to gain full control of the machine. Fortunately, Microsoft has already released a patch, and it is installed automatically.

Microsoft has released an emergency patch for its Malware Protection Engine, a technology embedded in Windows Defender and several other products (Forefront, Endpoint Protection, Exchange Server, Security Essentials, Intune). If the publisher went to the trouble of distributing this patch only a few days away from the December Patch Tuesday, it is because the risk is particularly high.

The vulnerability found in this software (CVE-2017-11937) is a memory corruption bug that allows an attacker to execute code remotely and gain full control of the machine. To exploit it, all an attacker has to do is craft a malicious file and get it scanned by the Malware Protection Engine. That happens automatically whenever real-time protection is enabled and the user, for example, opens an attachment in an e-mail or instant message, uploads a file to a sharing network, or visits a website.

Fortunately, the patch is installed automatically by Windows, so in theory there is nothing to do. It is still recommended to check that the update has been applied. To do this, go to "Settings -> Windows Defender" and look at the "engine version", which should be 1.1.14405.2.
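The same check can be scripted with the Defender PowerShell module, which is handy across a fleet. This is an added example, not code from the article or from Microsoft; it assumes Get-MpComputerStatus is available (Windows 10 / Server 2016 with Windows Defender enabled) and compares the reported engine version against the fixed version named above.

```powershell
# Added example (not from the article): verify that the Malware Protection Engine
# on this machine is at or above the patched version given in the article.
# Assumes the Defender module (Get-MpComputerStatus, Update-MpSignature) is present.
$fixedVersion = [version]'1.1.14405.2'   # patched engine version from the article

function Test-MpEngineFixed {
    param([version]$Minimum = $fixedVersion)
    # AMEngineVersion is the Malware Protection Engine version (not the signature version)
    $status = Get-MpComputerStatus -ErrorAction Stop
    $engine = [version]$status.AMEngineVersion
    [pscustomobject]@{
        EngineVersion   = $engine
        RequiredMinimum = $Minimum
        Patched         = ($engine -ge $Minimum)   # [version] compares field by field
    }
}

$result = Test-MpEngineFixed
$result | Format-List
if (-not $result.Patched) {
    # Engine updates ship with definition updates, so forcing a signature update pulls the fix
    Write-Warning "Engine $($result.EngineVersion) is older than $fixedVersion; run Update-MpSignature and re-check."
}
```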

Younes Derfoufi
