It took Microsoft 3 days to release an update (patch) for the worst RCE (remote code execution) vulnerability discovered by Google security researchers.
Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution (RCE) vulnerability in Windows. Ormandy called the bug “the worst Windows remote code execution vulnerability in recent memory”. The vulnerability actually affects the Microsoft Malware Protection Engine, which is included in several of the company’s Windows antimalware products.
Affected products:
- Microsoft Forefront Endpoint Protection 2010 – Critical Remote Code Execution
- Microsoft Endpoint Protection – Critical Remote Code Execution
- Microsoft Forefront Security for SharePoint Service Pack 3 – Critical Remote Code Execution
- Microsoft System Center Endpoint Protection – Critical Remote Code Execution
- Microsoft Security Essentials – Critical Remote Code Execution
- Windows Defender for Windows 7 – Critical Remote Code Execution
- Windows Defender for Windows 8.1 – Critical Remote Code Execution
- Windows Defender for Windows RT 8.1 – Critical Remote Code Execution
- Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703 – Critical Remote Code Execution
- Windows Intune Endpoint Protection – Critical Remote Code Execution
The researchers said the vulnerability, tracked as “CVE-2017-0290”, affects the “MsMpEng” service, which runs unsandboxed with SYSTEM privileges and is accessible without authentication via Windows services such as Exchange and IIS.
Google Project Zero published the technical details and proof-of-concept (PoC) exploit code.
Users do not need to take any action, as the affected products should be updated automatically, but you can also install the update right away by pressing the ‘Check Update’ button in your settings.