When Those Who Protect Us Join The Other Side

May 10, 2017 CyberCecurity Leave a comment

OK, so the title is a little dramatic.

In this case, while the good guys became bad accidentally, but it doesn’t make the situation any better.

Here are the details. There is a piece of Windows called the Microsoft Malware Protection Engine or MsMpEng. Apparently, a bug was introduced several versions ago that allows at attacker to completely “own” a device running the affected software by merely sending a specially crafted email to the machine. The email does even need to be opened. It can also be triggered by visiting specially crafted web sites, receiving instant messages and similar functions.

The bug was found by Google’s Project Zero, also known as Microsoft’s thorn in their side.

If you are running any of the following, you are affected:

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center 2012 Endpoint Protection
Microsoft Malicious Software Removal Tool
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8, XP, Server 2003, Vista, Server 2008, Windows 7 and Server 2008 R2
Windows Defender Offline
Microsoft Intune Endpoint Protection

Interestingly, it only affects 64 bit operating systems, but that is the vast majority of systems out there.

Microsoft released an EMERGENCY, OUT OF BAND patch for this on Monday and it SHOULD automatically update your software if your software is receiving updates.

For most of these products you can also do a manual update just to be sure.

Information for this post came from Microsoft Support and Microsoft Technet.