Microsoft has fixed a remote code execution flaw in its proprietary MPE (short for Malware Protection Engine), according to an advisory published by the company. The flaw could have led to the corruption of storage data and, if exploited by attackers, would have permitted them to breach the system and take full control of it by executing arbitrary code in the security context of the LocalSystem account.
The flaw could have had a significant impact on multiple security products offered by Microsoft, including a variety of Microsoft Exchange, Defender, and Forefront Endpoint Protection versions. After breaching the system and taking control of it, cybercriminals would have been able to add or remove programs and modify data at will, and even create new accounts with full user rights on the compromised system.
The advisory issued by Microsoft describes the various methods an attacker could use to deliver a specially crafted file that, if scanned by an unpatched version of the MPE, would allow the attacker to exploit the flaw. These methods include using fake emails, instant messages, or websites as delivery channels.
Furthermore, the document explains, websites that host user-provided content could be used to upload such a malicious file to a shared location; when that location is scanned by the MPE running on the server that hosts the website, this would give the attacker access to multiple users’ systems all at once.
Microsoft notes that if a system has real-time protection turned on in its MPE software, the engine scans files automatically, giving the attacker immediate access as soon as the crafted file lands on the system.
It could then be argued that a user who doesn’t have real-time protection activated will be safe from harm; unfortunately, the situation isn’t that simple. MPE runs scheduled scans of all files on the computer, so an attacker only has to deliver the file to the system and wait for such a scan to take place. This means that any system that uses an unpatched version of MPE is vulnerable to attack.
Fortunately, the patch put in place by Microsoft solves the scanning issue.
Plixer CEO Michael Patterson explains that the Microsoft operating system is one of the go-to targets of malicious actors because it is so widely used all around the world. The CEO further explains that, in spite of the existence of the patch on most consumer-operated systems, it is not yet time to lower defenses. He warns that any firm should be ready for a security breach at any time, considering that malware can find its way onto any system linked to the Internet.