Microsoft's virus scanner causes security problem
When performing a virus scan, Microsoft's Malware Protection Engine fails to process a specially crafted registry value correctly, enabling local attackers with restricted privileges to execute arbitrary code at system privilege level (privilege escalation). According to Microsoft's advisory, the vulnerable anti-malware engine (mpengine.dll) is part of the Security Essentials (MSE), Windows Live OneCare, Windows Defender, Forefront Client Security and Forefront Endpoint Protection 2010 products as well as the Malicious Software Removal Tool. All versions up to 1.1.6502.0 are reportedly vulnerable.
A patch that is being deployed automatically via the virus and signature update mechanism will fix the issue. Microsoft says that such updates are usually installed within 48 hours, but that users can also initiate the process manually. An updated version of the Malicious Software Removal Tool will become available on 8 March. The tool is only vulnerable when it is first executed by the system after having been downloaded via Windows Update. Attackers can't exploit the hole by manually starting the tool.
(trk)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
