Microsoft fixes hole in its antivirus engine

Vulnerability is addressed in update for Microsoft Malware Protection Engine, an update that'll be automatically applied to most systems.

Microsoft has plugged a hole in its antivirus and antispyware software that could allow an attacker authenticated on the local system to gain LocalSystem privileges.

The fix for the privilege escalation vulnerability is included in an update to the Microsoft Malware Protection Engine. Since the malware protection updates are automatically applied, most end users and administrators won't need to do anything, Microsoft said in its advisory, issued yesterday. The update should be applied within 48 hours of the advisory release, or by the weekend.

The vulnerability is rated "important" for Windows Live OneCare, Microsoft Security Essentials, Windows Defender, Microsoft Malicious Software Removal Tool, Forefront Client Security, and Forefront Endpoint Protection 2010.

"The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid log-on credentials has created a specially crafted registry key," the advisory says. "An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users."

Workstations and terminal servers are primarily at risk, Microsoft said.
