Microsoft has warned of a denial of Service vulnerability which exists in its Malware Protection Engine.
According to advisory 2974294, the vulnerability was reported to Microsoft and iIn order to exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.
If affected anti-malware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned. If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.
In addition, exploitation of the vulnerability could occur when the system is scanned using an affected version of the Malicious Software Removal Tool (MSRT).
“An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted,” it warned.
Wolfgang Kandek, CTO of Qualys, said: “A specifically crafted file can cause the Malware Protection Engine to lock up, requiring manual intervention. The solution is to delete the file and restart the service.
“The new fixed code should update itself within the next 48 hours. We are releasing detection “QID 122135 Microsoft Malware Protection Engine Denial of Service Vulnerability” to help monitor your organisation’s state as far as this vulnerability is concerned.”
