A vulnerability (CVE-2017-8558) has been discovered allowing remote code execution when the Microsoft Malware Protection Engine scans specially-crafted files.
“To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine. There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”
-https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558
Security Bulletins:
CVE-2017-8558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8558
Microsoft Security Bulletin:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8558
Recommendations:
System patching.
While Microsoft Malware Protection Engine updates are automatic, rmsource recommends verifying updates. The following link provides instructions to verify update installation:
https://support.microsoft.com/kb/2510781
Network access / Account access
rmsource recommends immediate Intrusion Prevention System updates and tuning of signatures pertaining to CVE-2017-8558.
Checkpoint IPS update reference:
https://www.checkpoint.com/defense/advisories/public/2017/cpai-2017-0527.html
Security