MyCERT Advisories


MyCERT Advisories, Alerts and Summaries for the year 2017

MA-660.052017: MyCERT Advisory – Security Update for Microsoft Malware Protection Engine
Date first published: 12/5/2017


1.0    Introduction
Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file.


2.0    Impact
An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.

•    CVE-2017-0290: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290


3.0    Affected Products
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Endpoint Protection
  • Microsoft Forefront Security for SharePoint Service Pack 3
  • Microsoft System Center Endpoint Protection
  • Microsoft Security Essentials
  • Windows Defender for Windows 7
  • Windows Defender for Windows 8.1
  • Windows Defender for Windows RT 8.1
  • Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
  • Windows Intune Endpoint Protection

4.0    Recommendations
MyCERT recommends that users review the information provided at the URL below and apply the necessary update.
•    https://technet.microsoft.com/en-us/library/security/4022344


Generally, MyCERT advises users of this software to stay up to date with the latest security announcements from the vendor and to follow best-practice security policies to determine which updates should be applied.


For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999@cybersecurity.my or mycert@mycert.org.my 

Phone: 1-300-88-2999 (monitored during business hours)

Fax: +603 89453442 

Mobile: +60 19 2665850 (24x7 call incident reporting)

SMS: CYBER999 REPORT EMAIL COMPLAINT to 15888

Business Hours: Mon - Fri 09:00 AM - 18:00 PM MYT

Web: http://www.mycert.org.my
Twitter: http://www.twitter.com/mycert
Facebook: http://www.facebook.com/mycert.org.my
Cyber999 Mobile Apps: iOS Users or Android Users


5.0    References
•    https://technet.microsoft.com/en-us/library/security/4022344
•    https://threatpost.com/emergency-update-patches-zero-day-in-microsoft-malware-protection-engine/125529/
•    https://krebsonsecurity.com/2017/05/emergency-fix-for-windows-anti-malware-flaw-leads-mays-patch-tuesday/
•    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0290