Microsoft has corrected a bug in its malware scanning engine that could be used as a stepping stone to an attacker trying to hijack a Windows window.
The bug is fixed in an update to the Microsoft Malware Protection Engine that has been pushed out to users of security products from Microsoft on Wednesday. Is what is known as an elevation of privilege vulnerability--something that could be used by an attacker who already has access to the Windows system to capture the full administrative control.
Microsoft has not seen anyone exploit the bugs still--the defect was reported to the company by Cesar Cerrudo security researcher--but Microsoft thinks that hackers could develop code that exploits the issue reliably.
In an interview of instant message, Cerrudo, CEO of security research firm Argeniss, said that he disclosed publicly Conference Black Hat security bug in July 2010. But because the hacker need would already have access to the machine to pull off this attack, he does not believe that presents a serious security risk for most users.
"This vulnerability can be exploited remotely, for instance on the Internet Information Server, but the attacker must be able to upload any code running on IIS," he said. "Sites that allow users to upload Web pages, are most at risk."
Microsoft rates it as "important".
An attacker could exploit this flaw by changing a Windows registry key to a special value, who would then processed by the engine at its subsequent malware scan.
This would be useful if the criminal was already on a machine that had the blocked user's privileges. "An attacker who successfully exploited this vulnerability could run arbitrary code ... and take complete control of the system," Microsoft said in a security advisory released Wednesday. "An attacker could then install programs; view, edit, or delete data; or create new accounts with full user rights.
The issue is fixed in version 1.1.6603.0 of the Malware Protection Engine, which is used in Windows Live OneCare, Microsoft Security Essentials, Windows Defender, Forefront Client Security, Forefront Endpoint Protection 2010 and the Microsoft Malicious Software Removal Tool.
Consumers should obtain the fix automatically as part of the monthly update of Microsoft to its malware scanner.
This is not the first time that Microsoft has found bug in its security software. Bug in Malware Protection Engine is reportedly back in 2007 and 2008.
Robert McMillan covers the security of your computer and General technology breaking news for the IDG News Service. Follow Robert on Twitter at @ bobmcmillan. E-mail address is robert_mcmillan@idg.com, Robert
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
No comments:
Post a Comment