===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2014.0998
Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
18 June 2014
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Microsoft Malware Protection Engine
Publisher:         Microsoft
Operating System:  Windows
Impact/Access:     Denial of Service -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-2779
Original Bulletin: https://technet.microsoft.com/en-us/library/security/2974294

--------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Advisory 2974294

Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service

Published: June 17, 2014

Version: 1.0

General Information

Executive Summary

Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted.

The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products.

Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.

Typically, no action is required of enterprise administrators or end users to install updates for the Microsoft Malware Protection Engine, because the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

References                                        Identification

CVE Reference                                     CVE-2014-2779
Microsoft Knowledge Base Article                  2974294
Last version of the Microsoft Malware
Protection Engine affected by this
vulnerability                                     Version 1.1.10600.0
First version of the Microsoft Malware
Protection Engine with this vulnerability
addressed                                         Version 1.1.10701.0*

*If your version of the Microsoft Malware Protection Engine is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action. For more information on how to verify the engine version number that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

Affected Software

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection Service Pack 1
Microsoft Malicious Software Removal Tool[1]
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
Windows Defender for Windows RT and Windows RT 8.1
Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Windows Defender Offline
Windows Intune Endpoint Protection

[1]Applies only to May 2014 or earlier versions of the Microsoft Malicious Software Removal Tool.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
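
The engine-version check described in the References section of the advisory, applied to a small inventory. This is an added example, not part of the AusCERT bulletin or the Microsoft advisory. The CSV layout, host names and the 1.1.9901.0 and 1.1.10802.0 versions are constructed for illustration; only the 1.1.10600.0 and 1.1.10701.0 thresholds come from the advisory.

```python
import csv
import io

# Threshold stated in the advisory: first engine version with the fix.
FIRST_FIXED = (1, 1, 10701, 0)

# Constructed inventory; hosts and the 9901/10802 versions are made up.
SAMPLE_INVENTORY = """host,product,engine_version
ws-001,Windows Defender,1.1.10600.0
ws-002,Microsoft Security Essentials,1.1.10701.0
srv-003,Microsoft Forefront Endpoint Protection 2010,1.1.9901.0
ws-004,Windows Defender,1.1.10802.0
srv-005,Microsoft System Center 2012 Endpoint Protection,
"""

def parse_version(text):
    """Return 'a.b.c.d' as a tuple of ints, or None if it is malformed."""
    parts = (text or "").strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """'fixed' at or above 1.1.10701.0, otherwise 'affected' or 'unknown'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # no usable data: needs a manual check
    # Numeric tuple comparison. Comparing the raw strings would rank
    # "1.1.9901.0" above "1.1.10701.0" and hide an affected host.
    return "fixed" if version >= FIRST_FIXED else "affected"

def triage(inventory_csv):
    """Group host names by status for a host,product,engine_version CSV."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        result[classify(row["engine_version"])].append(row["host"])
    return result

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9}{', '.join(hosts) or '-'}")
```

Hosts reported as unknown have no parseable engine version and should be checked by hand using the procedure in Microsoft Knowledge Base Article 2510781.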