Microsoft has rolled out a bunch of security updates to patch a critical remote execution vulnerability that majorly affects Windows Defender on Windows and Windows Server platforms. The issue, listed as CVE2018-0986, exists within Microsoft Malware Protection Engine also impacts Microsoft Security Essentials, Microsoft Forefront EndPoint Protection 2010, Microsoft Exchange Server 2013 and 2016, and Windows Intune Endpoint Protection. Enterprise administrators and end users will not be required to install updates manually as there are built-in tools to automatically deploy the updates within 48 hours of their release.
The new updates aren't a part of Microsoft's monthly security update phase. However, it tightens security across various Windows platforms, including Windows 10 and Windows Server 2012. "An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," the company wrote while describing the vulnerability on its Security TechCenter.
Microsoft points out that there are "many ways" that a specially crafted file can be placed by the attacker. Moreover, it could be delivered via a website, email, or an instant messenger message or even through a site that accepts or host user-provided content.
"If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited. All systems running an affected version of antimalware software are primarily at risk," Microsoft notes.
The security updates essentially correct the manner in which the Microsoft Malware Protection Engine scans specially crafted files. Further, the vulnerable Microsoft Malware Protection Engine version 1.1.14600.4 has been updated to version 1.1.14700.5.