Microsoft Quickly Patches Malware Protection Engine Vulnerability

In a May 8 security advisory, Microsoft acknowledged the update for its Malware Protection engine, which addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially-crafted file, leading to memory corruption. “An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system,” the company reported. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

http://beta.itprotoday.com/security/microsoft-quickly-patches-malware-protection-engine-vulnerability