MS Malware Protection Engine Update May 25, 2017

[German]It seems that Microsoft has issued another out-of-the-bank security update for Microsoft Malware Protection Engine (MsMpEng) on May 25, 2017. Here are a few details.


Advertising

On May 8, 2017 Microsoft has fixed a critical vulnerability in Microsoft Malware Protection Engine (MsMpEng) – see my blog post Microsoft fixes critical Malware Protection Engine vulnerability. Microsoft wrote, that CVE-2017-0290 has been addressed. CVE-2017-0290 allows remote code execution in Microsoft’s Malware Protection Engine (the Chakra scripting engine was vulnerable).

New Microsoft Security Update Releases Mai 2017

This night I received an e-mail from Microsoft, titled ‘Microsoft Security Update Releases’ that contains the following information:

********************************************************************
Title: Microsoft Security Update Releases
Issued: May 25, 2017
********************************************************************

Summary
=======

The following CVEs have been added to May 2017 release. 

* CVE-2017-8535
* CVE-2017-8536
* CVE-2017-8537
* CVE-2017-8538
* CVE-2017-8539
* CVE-2017-8540
* CVE-2017-8541
* CVE-2017-8542

Revision Information:
=====================

CVE-2017-0223

 - CVE-2017-8542 | Microsoft Malware Protection Engine Denial 
   of Service Vulnerability

 - CVE-2017-8541 | Microsoft Malware Protection Engine Remote 
   Code Execution Vulnerability

 - CVE-2017-8540 | Microsoft Malware Protection Engine Remote 
   Code Execution Vulnerability

 - CVE-2017-8539 | Microsoft Malware Protection Engine Denial
   of Service Vulnerability

 - CVE-2017-8538 | Microsoft Malware Protection Engine Remote 
   Code Execution Vulnerability

 - CVE-2017-8537 | Microsoft Malware Protection Engine Denial 
   of Service Vulnerability

 - CVE-2017-8536 | Microsoft Malware Protection Engine Denial 
   of Service Vulnerability

 - CVE-2017-8535 | Microsoft Malware Protection Engine Denial 
   of Service Vulnerability 

 - https://portal.msrc.microsoft.com/en-us/security-guidance
 - Version: 1.0
 - Reason for Revision: Microsoft is releasing this out-of-band CVE 
   information to announce that a security update is available for 
   the Microsoft Malware Protection Engine. Microsoft recommends 
   that customers verify that the update is installed, and if 
   necessary, take steps to install the update. For more information 
   see the FAQ section
 - Originally posted: May 25, 2017  
 - Aggregate CVE Severity Rating: Critical
 - Version: 1.0

Microsoft linked to Security Update Guide, but during writing this blog post, I was not able to find an entry within Security Update Guide for CVE-2017-0223 (or the other CVEs). The details presented below are obtained from other sources.

Here are more details

CVE-2017-0223 addresses, according to this site a vulnerability in Microsoft Chakra Core:

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka “Scripting Engine Memory Corruption Vulnerability”. This vulnerability is unique from CVE-2017-0252.

Microsoft lists the following CVEs addressed in another MsMpEng May update.


Advertising

  • CVE-2017-8535: Microsoft Malware Protection Engine; Denial of Service Vulnerability
  • CVE-2017-8536: Microsoft Malware Protection Engine; Denial of Service Vulnerability
  • CVE-2017-8537: Microsoft Malware Protection Engine; Denial of Service Vulnerability
  • CVE-2017-8538: Microsoft Malware Protection Engine; Remote  Code Execution Vulnerability
  • CVE-2017-8539: Microsoft Malware Protection Engine; Denial of Service Vulnerability
  • CVE-2017-8540: Microsoft Malware Protection Engine; Remote  Code Execution Vulnerability
  • CVE-2017-8541 Microsoft Malware Protection Engine; Remote  Code Execution Vulnerability
  • CVE-2017-8542: Microsoft Malware Protection Engine; Denial of Service Vulnerability

The CVE’s has been entered at May 3, 2017 into the database.

Microsoft Malware Protection Engine update

Microsoft wrotes within the Security Update Releases-Information about an out-of-the-band update for MSMpEn. 

Reason for Revision: Microsoft is releasing this out-of-band CVE information to announce that a security update is available for the Microsoft Malware Protection Engine. Microsoft recommends that customers verify that the update is installed, and if necessary, take steps to install the update. For more information  see the FAQ section

– Originally posted: May 25, 2017 

I couldn’t find the FAQ section mentioned above. My interpretation was, that Micorsoft has updated Microsoft Malware Protection Engine again on Maiy 25,2017 to address additional vulnerabilities. Because MSMpEn is updated via Microsoft’s security products (Windows Defender, Microsoft Security Essentials) and not via Windows Update, I checked my machine with MSE (see also my German blog post MS Malware Protection Engine – welche Version habe ich?).

MSMPE-25.05.2017_thumb[2]

My MSMpEn has version 1.1.13804.0, whilst after May 9, 2017 the version 1.1.13704.0 has been reported. It seems that Microsoft Malware Protection Engine has been updates (via Microsoft Security Essentials or Windows Defender). If you have further details or more insights, please left a comment.


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security, Update, Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *