• Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    #150386

    Strange things happen. I received a notification from Microsoft last night (Germany) about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the links within Microsoft’s Update Catalog are broken.

    I’ve documented my findings so far in my blog post: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    Perhaps other users can shed a bit more light on that topic. In case you have new insights, please leave a comment, either here or within my blog. I will also link from my article to this thread.

    Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

    https://www.borncity.com/win/

    3 users thanked author for this post.
    • #150572

      Ok, it seems I was lured into the wrong direction by Microsoft’s Security Center and its download links. I’ve added my blog post.

      Defender and MSE are updating themselves – and it seems that yesterday the Security module was updated. That’s what I found out by comparing the details on 2 Win 7 machines (one which is always online and one which hasn’t been booted for 3 days).

      Ex Microsoft Windows (Insider) MVP, Microsoft Answers Community Moderator, Blogger, Book author

      https://www.borncity.com/win/

      5 users thanked author for this post.
    • #150574

      Win Defender Win8.1.64, 7.12.2017.
      Antimalware Client Version: 4.10.209.0
      Engine Version: 1.1.14405.2
      Antivirus definition: 1.259.16.0
      Antispyware definition: 1.259.16.0
      Network Inspection System Engine Version: 2.1.14202.0
      Network Inspection System Definition Version: 118.2.0.0

      3 users thanked author for this post.
    • #150600

      Microsoft Security Essentials updated this morning

      Antimalware client version: 4.10.209.0
      Engine version: 1.1.14405.2
      Antivirus definition: 1.259.16.0
      Antispyware definition: 1.259.16.0
      Network Inspection System engine version: 2.1.14202.0
      Network Inspection System definition version: 118.2.0.0

      2 users thanked author for this post.
    • #150630

      Win7 Pro, MSE.

      Yes, this morning (Europe) there was a large download of definitions, taking the definition number on my main machine from 1.257.1460.0 yesterday afternoon to 1.259.1.0 this morning. Some investigation with a spare, not-internet-facing machine shows that:

      My main machine updated to engine version 1.1.14405.2 sometime recently, while the spare machine (which was up-to-date within the last week) is still at 1.1.14306.0.

      I suspect (and I am glad to see) that the engine is apparently kept up to date when using the on-line update method.

      HMcF

      2 users thanked author for this post.
    • #150747

      Wasn’t available in the USA earlier but showed up this PM. Win7 Pro x64 with Defender. Engine updated to 1.1.14405.2 and definitions to 1.259.37.0.

      1 user thanked author for this post.