-
Moderator
Vulnerability in Microsoft Malware Protection Engine
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
Published: February 23, 2011
Version: 1.0
General Information
Executive Summary
Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.
Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.
Affected Software
Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Anti-malware Software | Microsoft Malware Protection Engine Vulnerability - CVE-2011-0037
Windows Live OneCare | Important, Elevation of Privilege
Microsoft Security Essentials | Important, Elevation of Privilege
Microsoft Windows Defender | Important, Elevation of Privilege
Microsoft Forefront Client Security | Important, Elevation of Privilege
Microsoft Forefront Endpoint Protection 2010 | Important, Elevation of Privilege
Microsoft Malicious Software Removal Tool | Important, Elevation of Privilege
Mitigating Factors
Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:
• An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.
• An attacker could use the Malicious Software Removal Tool (MSRT) to exploit this vulnerability only if MSRT has not already run on the system. For the majority of end users, the current version of the MSRT will already have downloaded and run automatically through automatic updating.
Read more:
http://www.microsoft.com/technet/security/advisory/2491888.mspx
-
I'd rather be fishing!
Thanks for the heads up Leo! As always, it is much appreciated!
Life isn't about waiting for the storm to pass, it's about learning to dance in the rain!
-
Guest
the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours.
MSE auto update scheme will do the trick. Thanks
"Stars and the Sun"
-
Moderator
Thank you for sharing the information, Leo. As Ceyfer pointed out, auto update will take care of it, but it's the mechanics of it that are just as important.
-
Experienced User
Thanks leofelix for security advisory info
Windows 7 SP1 Ultimate x86 + KIS 2011 (11.0.2.556 b.a.c.d) + Sandboxie Paid (3.54) + Deep Freeze Standard (7.20.020.3398)
-
The Specialist *
Thanks for the heads up captain.
I don't need to know everything, I just need to know where to find it, when I need it. 