Microsoft Malware Protection remote code execution

Dear clients,

This is a quick email to alert you about a newly disclosed vulnerability that affects all Microsoft operating systems from Windows 7 to Server 2016.

The vulnerability is present within the Malware Protection engine that runs as the SYSTEM superuser.
The detailed vulnerability report by the Google Security team is now public with proof of concept code. To summarise, the vulnerability results in remote code execution and can be triggered on any system which scans a vulnerability triggering text string or file.
Exploitation scenarios include:

• Exchange receiving an incoming or outgoing email.
• Reading an email on a desktop.
• Visiting a website.
• The malicious file being uploaded to a server (such as Sharepoint, FTP, IIS webserver or network File Share)
• Opening the file or saving it to disk.

Products affected include:

• Microsoft Forefront Endpoint Protection 2010
• Microsoft Endpoint Protection
• Microsoft Forefront Security for SharePoint Service Pack 3
• Microsoft System Center Endpoint Protection
• Microsoft Security Essentials
• Windows Defender for Windows 7
• Windows Defender for Windows 8.1
• Windows Defender for Windows RT 8.1
• Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
• Windows Intune Endpoint Protection

Microsoft has released Security Update for Microsoft Malware Protection Engine to address this issue.

Ensure the Microsoft Malware Protection Engine is able to receive the latest updates and threat definitions to resolve this issue.
​
It is also worth mentioning that another Microsoft vulnerability has been found by the Google Security team which has not yet been made public or patched. The issue is rumoured to affect all versions of Microsoft Windows and is remotely exploitable and wormable and may affect the TCP/IP implementation which would also bypass the Windows firewall.
We will send another alert when details become public.