When Those Who Protect Us Join The Other Side
OK, so the title is a little dramatic.
In this case, while the good guys became bad accidentally, but it doesn’t make the situation any better.
Here are the details. There is a piece of Windows called the Microsoft Malware Protection Engine or MsMpEng. Apparently, a bug was introduced several versions ago that allows at attacker to completely “own” a device running the affected software by merely sending a specially crafted email to the machine. The email does even need to be opened. It can also be triggered by visiting specially crafted web sites, receiving instant messages and similar functions.
The bug was found by Google’s Project Zero, also known as Microsoft’s thorn in their side.
If you are running any of the following, you are affected:
- Microsoft Forefront Client Security
- Microsoft Forefront Endpoint Protection 2010
- Microsoft Forefront Security for SharePoint Service Pack 3
- Microsoft System Center 2012 Endpoint Protection
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows 8, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2
- Windows Defender Offline
- Microsoft Intune Endpoint Protection
Interestingly, it only affects 64 bit operating systems, but that is the vast majority of systems out there.
Microsoft released an EMERGENCY, OUT OF BAND patch for this on Monday and it SHOULD automatically update your software if your software is receiving updates.
For most of these products you can also do a manual update just to be sure.
Information for this post came from Microsoft Support and Microsoft Technet.