It seems that Microsoft has issued another out-of-band security update for Microsoft Malware Protection Engine (MsMpEng) on May 25, 2017. Here are a few details.
On May 8, 2017, Microsoft fixed a critical vulnerability in Microsoft Malware Protection Engine (MsMpEng) – see my blog post Microsoft fixes critical Malware Protection Engine vulnerability. Microsoft wrote that CVE-2017-0290 has been addressed. CVE-2017-0290 allows remote code execution in Microsoft's Malware Protection Engine (the Chakra scripting engine was vulnerable).
New Microsoft Security Update Releases May 2017
This night I received an e-mail from Microsoft, titled 'Microsoft Security Update Releases' that contains the following information:
********************************************************************
Title: Microsoft Security Update Releases
Issued: May 25, 2017
********************************************************************

Summary
=======

The following CVEs have been added to May 2017 release.

* CVE-2017-8535
* CVE-2017-8536
* CVE-2017-8537
* CVE-2017-8538
* CVE-2017-8539
* CVE-2017-8540
* CVE-2017-8541
* CVE-2017-8542

Revision Information:
=====================

CVE-2017-0223

- CVE-2017-8542 | Microsoft Malware Protection Engine Denial of Service Vulnerability
- CVE-2017-8541 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
- CVE-2017-8540 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
- CVE-2017-8539 | Microsoft Malware Protection Engine Denial of Service Vulnerability
- CVE-2017-8538 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
- CVE-2017-8537 | Microsoft Malware Protection Engine Denial of Service Vulnerability
- CVE-2017-8536 | Microsoft Malware Protection Engine Denial of Service Vulnerability
- CVE-2017-8535 | Microsoft Malware Protection Engine Denial of Service Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Version: 1.0
- Reason for Revision: Microsoft is releasing this out-of-band CVE information to announce that a security update is available for the Microsoft Malware Protection Engine. Microsoft recommends that customers verify that the update is installed, and if necessary, take steps to install the update. For more information see the FAQ section
- Originally posted: May 25, 2017
- Aggregate CVE Severity Rating: Critical
- Version: 1.0
Microsoft linked to the Security Update Guide, but while writing this blog post I was not able to find an entry within the Security Update Guide for CVE-2017-0223 (or the other CVEs). The details presented below were obtained from other sources.
Here are more details
According to this site, CVE-2017-0223 addresses a vulnerability in Microsoft Chakra Core:
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.
Microsoft lists the following CVEs as addressed in another MsMpEng update in May.
- CVE-2017-8535: Microsoft Malware Protection Engine; Denial of Service Vulnerability
- CVE-2017-8536: Microsoft Malware Protection Engine; Denial of Service Vulnerability
- CVE-2017-8537: Microsoft Malware Protection Engine; Denial of Service Vulnerability
- CVE-2017-8538: Microsoft Malware Protection Engine; Remote Code Execution Vulnerability
- CVE-2017-8539: Microsoft Malware Protection Engine; Denial of Service Vulnerability
- CVE-2017-8540: Microsoft Malware Protection Engine; Remote Code Execution Vulnerability
- CVE-2017-8541: Microsoft Malware Protection Engine; Remote Code Execution Vulnerability
- CVE-2017-8542: Microsoft Malware Protection Engine; Denial of Service Vulnerability
The CVEs were entered into the database on May 3, 2017.
Microsoft Malware Protection Engine update
In the Security Update Releases information, Microsoft writes about an out-of-band update for MsMpEng.
Reason for Revision: Microsoft is releasing this out-of-band CVE information to announce that a security update is available for the Microsoft Malware Protection Engine. Microsoft recommends that customers verify that the update is installed, and if necessary, take steps to install the update. For more information see the FAQ section
– Originally posted: May 25, 2017
I couldn't find the FAQ section mentioned above. My interpretation was that Microsoft has updated Microsoft Malware Protection Engine again on May 25, 2017 to address additional vulnerabilities. Because MsMpEng is updated via Microsoft's security products (Windows Defender, Microsoft Security Essentials) and not via Windows Update, I checked my machine with MSE (see also my German blog post MS Malware Protection Engine – welche Version habe ich?).
My MsMpEng has version 1.1.13804.0, whilst after May 9, 2017 the version 1.1.13704.0 has been reported. It seems that Microsoft Malware Protection Engine has been updated (via Microsoft Security Essentials or Windows Defender). If you have further details or more insights, please leave a comment.
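The version check described above can be scripted; the following PowerShell is an added example, not part of the original post or of Microsoft's notice. It assumes the version observed in this post (1.1.13804.0) as the minimum expected engine version, and `Test-EngineVersion` is a hypothetical helper name.

```powershell
# Added example: compare the local Malware Protection Engine version with the
# version this post reports seeing after the May 25, 2017 update.
# Assumption: 1.1.13804.0 (taken from the post) is the minimum expected version.
$expected = [version]'1.1.13804.0'

function Test-EngineVersion {
    param(
        [Parameter(Mandatory)] [string] $Reported,
        [version] $Minimum = $expected
    )
    # [version] compares field by field as numbers, so 1.1.9999.0 is older than
    # 1.1.13804.0; a plain string comparison would rank it as newer.
    $parsed = $null
    if (-not [version]::TryParse($Reported, [ref]$parsed)) {
        return 'Unknown'
    }
    if ($parsed -ge $Minimum) { 'Current' } else { 'Outdated' }
}

# Get-MpComputerStatus comes with the Windows Defender PowerShell module.
# Where that module is absent (for example Microsoft Security Essentials on
# Windows 7), the command does not exist and the version has to be read from
# the product's About dialog instead.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        EngineVersion = $status.AMEngineVersion
        State         = Test-EngineVersion -Reported $status.AMEngineVersion
    }
} else {
    Write-Warning 'Get-MpComputerStatus is not available on this system.'
}

# Constructed sample values, to show the comparison without a live system:
'1.1.13704.0', '1.1.13804.0', '1.1.9999.0', 'n/a' | ForEach-Object {
    '{0,-14} {1}' -f $_, (Test-EngineVersion -Reported $_)
}
```

The constructed samples come out as Outdated, Current, Outdated and Unknown, in that order.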