Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Microsoft released an emergency security patch for a serious vulnerability
If you are using Windows OS, install this security patch now.
Microsoft has released an emergency security patch to fix the RCE (Remote Code Execution) error on the Malware Protection Engine (MPE), allowing an attacker to execute remote code and gain control of the victim's computer.
Enabled by default, Microsoft Malware Protection Engine provides basic security features (such as scanning, detecting, deleting) for Microsoft antivirus and anti-malware software.
See also: 10 most effective antivirus software for Windows 2017
According to Microsoft, the vulnerability affects many of its security software, including Windows Defender and Microsoft Security Essentials, along with Endpoint Protection, Forefront Endpoint Protection and Exchane Server 2013 and 2016, Windows 7, Windows 8.1, Windows 10, Windows RT 8.1 and Windows Server.
Microsoft released an emergency security patch for a serious vulnerability Picture 1
Install Windows security patch now to not be hacked
The code is CVE-2017-11937, this vulnerability is actually caused by the memory failure when the Malware Protection Engine scans for fake files to detect vulnerabilities.
The vulnerability allows hackers to take control of the PC
Microsoft said the attacker placed the infected file in a location, then scanned the Malware Protection Engine for memory errors and allowed remote code execution on the LocalSystem account and took control of the target machine.
"There are many ways to place this file, such as using a website that users access," Microsoft explained. Other ways can be email, chat applications. The attacker can also "take advantage of the website to approve or store the content the user provides to upload the file to a common location, then the Malware Protection Engine scans the host server and gets an error."
Download the security patch now
Microsoft assured customers that the vulnerability was fixed before any attack. They have released security updates and recommend patching as soon as possible. Most users can receive automatic emergency patches.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11937
This vulnerability was commanded by British National Network Security Center (NCSC), GCHQ's network security organization, and discovered and reported by the Department. The patch also came a few days before Microsoft released a Patch Tuesday patch for December.
See also: Microsoft released an updated patch for 25 critical security holes
Isabella HumphreyYou should read it
- Windows 10 KB4056892 emergency update (build 16299.192)
- Microsoft blocked Windows 7 security updates without antivirus software
- The best antivirus protection for Windows 10 in 2020
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008
- Windows 7 users need to install Microsoft patches immediately to fix BlueKeep security errors
- Microsoft released an updated patch for 25 critical security holes
- Microsoft released a patch for 75 critical vulnerabilities on Windows 7 / 8.1 / 10, asking users to install
- Microsoft is preparing to release a series of new security holes
- Microsoft fixes 8 critical vulnerabilities
- Enhance Windows security with Panda Gold Protection
- 9 best antivirus software for Mac
- Microsoft released an emergency security patch, urging Windows users to install now
Maybe you are interested
Should I buy a USB, Bluetooth or NFC security key?
4 Security Steps to Follow When Using Remote Access Applications
Series of DrayTek router models have security holes
If you have an AMD CPU, install this important security update!
Roundup of new Chrome features and security updates
Google releases emergency security patch, fixes 4 security flaws on Chrome
Attack the network
The risk of losing all passwords is due to the built-in password management tool on Windows 10- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Detecting new malware on Android can damage phones
- Warning: a new variant of the virus that fills virtual money via Facebook Messenger will appear every 10 minutes
- Hundreds of thousands of IoT devices are likely to be attacked by vulnerabilities on the server
- VNCERT warns Internet users in Vietnam to change their email and Facebook passwords immediately
The risk of losing all passwords is due to the built-in password management tool on Windows 10
Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
Detecting new malware on Android can damage phones
Warning: a new variant of the virus that fills virtual money via Facebook Messenger will appear every 10 minutes
Hundreds of thousands of IoT devices are likely to be attacked by vulnerabilities on the server
VNCERT warns Internet users in Vietnam to change their email and Facebook passwords immediately