The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. There has been found a vulnerability in it. The vulnerability (CVE-2018-0986) may allow an attacker to execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Affected are versions earlier than 1.1.14700.5.
In default settings Malware Protection Engine should update itself automatically. Instructions for checking currently used version can be read here under "Verification of the update installation" section of the correspondent product in use.
More information can be read from the related advisory.
Friday, April 6, 2018
Microsoft Malware Protection Engine Vulnerability
Labels:
antivirus,
malware,
Microsoft,
protection,
security,
security threat,
update,
vulnerability
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment