Microsoft Fixes Two Critical Defender Bugs


Microsoft has released fixes for two critical flaws in its Windows Defender product which could allow attackers to completely take control of a targeted system.

CVE-2017-11937 and CVE-2017-11940 are remote code execution (RCE) vulnerabilities that exist when the Microsoft Malware Protection Engine (MMPE) does not properly scan a specially crafted file, leading to memory corruption.

A remote attacker could therefore use a specially crafted file to execute arbitrary code, leading to a full system compromise. The file could be emailed, IM’d or delivered via a compromised website, the alert noted.

As the engine automatically scans files in real time, the bugs could be exploited without any further user interaction.

The updates fix the vulnerabilities by correcting the way in which the Microsoft Malware Protection Engine scans specially crafted files.

The software flaws affect Windows Defender on all supported Windows PC and server platforms, as well as Microsoft Endpoint Protection, Windows Intune Endpoint Protection, Security Essentials, Forefront Endpoint Protection and Exchange Server 2013 and 2016.

Fortunately, the vulnerabilities are not thought to have been publicly disclosed or exploited in the wild.

Most enterprise admins will not need to take any further action as the updates will be automatically deployed.


Allyson White, CEO Alde Security Solutions, LLC.