
T-565: Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege

February 25, 2011 - 7:40am


PROBLEM:

Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege.

PLATFORM:

Microsoft Malware Protection Engine

Last version of the Microsoft Malware Protection Engine affected by this vulnerability: Version 1.1.6502.0

This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability.

First version of the Microsoft Malware Protection Engine with this vulnerability addressed: Version 1.1.6603.0

If the version of the Microsoft Malware Protection Engine is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action. For more information on how to verify the engine version number that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

ABSTRACT:

Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft.

REFERENCE LINKS:

Microsoft Security Advisory (2491888)
Secunia Advisory SA43468
CVE-2011-0037
MS Article ID: 2510781

IMPACT ASSESSMENT:

Low

Discussion:

A vulnerability has been reported in various Microsoft products, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by an error in the Microsoft Malware Protection Engine during scanning and can be exploited to gain LocalSystem privileges by setting a specially crafted value for a registry key.

The vulnerability is reported in version 1.1.6502.0 and prior of Microsoft Malware Protection Engine.

Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.
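To confirm that clients have consumed the update, the engine versions collected from an inventory can be compared against the two versions given under PLATFORM. The following is an added example, not code from Microsoft or from this bulletin; the CSV layout, host names and the "unlisted" category are assumptions made for illustration. It compares versions numerically, because a plain string comparison misorders values such as 1.1.999.0 and 1.1.10100.0.

```python
import csv
import io

LAST_AFFECTED = (1, 1, 6502, 0)  # from the advisory: last affected engine version
FIRST_FIXED = (1, 1, 6603, 0)    # from the advisory: first version with the fix

def parse_version(text):
    """Parse a dotted four-part engine version into a tuple of ints, or None."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(text):
    """Return 'fixed', 'affected', 'unlisted' or 'invalid' for one version string."""
    version = parse_version(text)
    if version is None:
        return "invalid"
    if version >= FIRST_FIXED:
        return "fixed"
    if version <= LAST_AFFECTED:
        return "affected"
    # Between the two versions the advisory names: its status is not stated there.
    return "unlisted"

def triage(inventory_csv):
    """Group hosts by status from a CSV with 'host' and 'engine_version' columns."""
    report = {"fixed": [], "affected": [], "unlisted": [], "invalid": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("engine_version") or "")].append(row["host"])
    return report

# Constructed sample inventory (host names and export format are hypothetical).
SAMPLE = """host,engine_version
ws-001,1.1.6502.0
ws-002,1.1.6603.0
ws-003,1.1.999.0
ws-004,1.1.6550.0
ws-005,1.1.10100.0
ws-006,
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unlisted" or "invalid" need a manual check, since the bulletin states a status only for the two versions it names and everything on either side of them.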

Solution:

The Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products. Depending upon which affected Microsoft anti-malware product is installed, this update may have different severity ratings. The following severity ratings assume the potential maximum impact of the vulnerability.

Vulnerability Severity Rating and Maximum Security Impact by Affected Software: Affected Software

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:

* An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

* An attacker could use the Malicious Software Removal Tool (MSRT) to exploit this vulnerability only if MSRT has not already run on the system. For the majority of end users, the current version of the MSRT will already have downloaded and run automatically through automatic updating.

 
