Microsoft security could have been disrupted by email

by Jimmy Nicholls | 19 June 2014

Security flaw only fixed in past 48 hours.

Microsoft was forced to patch its malware detector this week after it discovered a bug that allowed attackers to disable the protection with an email attachment.

Hackers could have created files designed to disrupt the malware scanner and sent them through email, rendering the protection useless until the file was removed from the system.

"An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted," said Microsoft.

Had the bug been exploited, it could have led to operating systems or programmes locking up, requiring a manual restart to restore service. Though Microsoft regarded the flaw as important, there have been no reported instances of it being exploited.

The bug, which affected programmes such as the company's Security Essentials and Windows Defender, has been automatically patched.

"Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly," it added.
