The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for a variety of Microsoft antivirus and antispyware software: Windows Defender, Microsoft Endpoint Protection, Microsoft Security Essentials, and so on.ĬVE-2018-0986 was discovered by Thomas Dullien (aka “Halvar Flake”), a security researcher with Google Project Zero. End users that do not wish to wait can manually update their antimalware software.” About the vulnerability (CVE-2018-0986) The exact time frame depends on the software used, Internet connection, and infrastructure configuration.
For these customers, the update will be applied within 48 hours of its availability. “For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update.
Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment,” Microsoft advised. “Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. A critical and extremely easily exploitable vulnerability in the Microsoft Malware Protection Engine (MMPE) has been patched through an out-of-band security update pushed out by Microsoft on Tuesday.
0 kommentar(er)
