On 3rd April 2018, Microsoft Corporation, the worldwide popular American multinational technology company has declared an emergency patch to remove the memory corruption vulnerability. This major vulnerability was discovered in the MMPE (Microsoft Malware Protection Engine) that was providing remote attackers a way to execute arbitrary code in the security feature of the most premium LocalSystem account.
In the last security update, Microsoft has clearly warned that “The execution of the arbitrary code is one of the easiest way for the hackers or users with ill-intentions the complete freedom to install programs.” Not only the installation, the malware actors can even view, modify/edit, or remove data. They can also create new accounts with the complete user authorities.
Named as CVE-2018-0986, this vulnerability can be exploited if the Microsoft Malware Protection Engine scans a custom-made file, given through the websites, Instant messenger communications, email messages, or other different mediums. Mainly, the Malware Protection Engine is installed to scan all the files without any user interruption and in real-time; else, it automatically performs scheduled scans after a certain interval of time.
With this vulnerability different products have already been affected. These products include Windows Intune Endpoint Protection, Microsoft Exchange Server 2013 and 2016, Windows Defender, Microsoft Forefront Endpoint Protection 2010, and Microsoft Security Essentials, which are being used on a variety of platforms.
To download or get this emergency patch, the admins and users need not to do anything. That’s because the MMPS provides a built-in mechanism that itself diagnose and then deploys all the upcoming updates within a maximum time of 2 days.
Bailey Martin is a passionate technical writer who loves to make research and then find the precise solution of all the latest online security vulnerabilities. She has written hundreds of blogs on antiviruses, , Microsoft Office errors and updates and other related topics. Her articles have also been published on many of the renowned tech websites. To read more updates visit office.com/setup