Microsoft had warned customers that its malware detection engine, used in a wide range of its products, could be disabled if an attacker sent a malformed file as an email attachment
From Computerworld:
From Computerworld:
A successful attack would leave a Microsoft-guarded PC wide open to subsequent exploits, the company warned.Microsoft fixes flaw in its own security software
"An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted," Microsoft said in an advisory yesterday.
That engine is the foundation of the company's enterprise- and consumer-grade security products, including Windows Intune Endpoint Protection, System Center 2012 Endpoint Protection, Microsoft Security Essentials, Windows Defender and the Microsoft Malicious Software Removal Tool.