« If it can be used for good, it can be used for bad
Excellent research and advice on password security »

MS malware engine vulnerable to malware

Oh Noz.

I been saying for a long time that:

  1. Microsoft can’t code their way out of a paper bag (as far as security goes)
  2. Letting them write their own security suite is like letting the fox build the hen-house…

And my prophecy came true, sadly…

Take a moment to enable that hardware DEP!

From the Inquirer:
http://www.theinquirer.net/default.aspx?article=37629

By Andrew Thomas
14 February 2007

OH DEAR, OH DEAR. If there was one piece of software you’d expect to be secure from malware attacks it would have to be malware protection software itself. Sadly, this is not the case with Microsoft Defender, the software giant’s all-singing, all-dancing user security package.

According to security bulletin CVE-2006-5270 - Microsoft Malware Protection Engine Vulnerability, Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and Forefront Security, allows user-assisted remote attackers to execute arbitrary code via a PDF file. All the following are at risk of remote code execution:

Windows Live OneCare
Microsoft Antigen for Exchange 9.x
Microsoft Antigen for SMTP Gateway 9.x
Microsoft Windows Defender
Microsoft Windows Defender x64 Edition
Microsoft Windows Defender in Windows Vista
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint

According to the bulletin rated ‘critical’ a remote code execution vulnerability exists in the Microsoft Malware Protection Engine because of the way that it parses Portable Document Format (PDF) files. An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

To have one insecure security product could be seen as unlucky; to have eight looks a bit like carelessness.

L’INQ
Microsoft Security Bulletin MS07-010
http://www.microsoft.com/technet/security/Bulletin/ms07-010.mspx

This entry was posted on Thursday, February 15th, 2007 at 10:50 pm and is filed under Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply