Ascentive | Ascentive

Microsoft reveals security flaw in malware protection service

Feb 25th 2011 at 1:47 PM

From FinallyFast:

Specially crafted registry keys may make it possible for attackers to breach the integrity of Microsoft's malware protection engine, a component of several of the company's security offerings.

Microsoft announced earlier this week that a private report to the company had indicated it would be possible for users with valid logons to elevate their system privileges to root status, effectively handing them control over vulnerable systems. According to PC magazine, the products affected by the potential security threat include Microsoft Security Essentials, Windows Live OneCare, Windows Defender, Forefront Client Security, Forefront Endpoint Protection and the Malicious Software Removal Tool.

The publication notes, however, that the alert should not cause most users an undue amount of worry. For one thing, PC magazine says, the company indicated that a patch will be issued automatically "within 48 hours." Given the notice's Wednesday release, all vulnerable systems should have had the opportunity to update themselves. Users who have disabled automatic updates for their antivirus software, however, may still be in trouble, the publication says. Experts note this is a seriously unwise policy to follow, particularly for business users - an unprotected machine could expose an entire company's IT infrastructure to attack.

The Register, a UK-based tech publication, also points out that the vulnerability could only be exploited in a "plausible but unlikely set of circumstances," even on unpatched systems. PC magazine adds that the attack is relatively difficult to pull off in the first place, because it requires a genuine login and password combination. Many of the most dangerous exploits are so critical because they can be performed from a remote site and without leaving identifying information on a target machine, it says.

The news that Microsoft's security software had a vulnerability - that has since been patched - comes on the heels of a recent zero-day flaw that was revealed in Windows itself, according to The earlier problem was discovered by a researcher identified only as Cupidon-3005, who demonstrated that an error-reporting function in the CIFS browser service module could be manipulated remotely and, in some cases, used to distribute malicious code.

RedmondMag, however, says that getting a vulnerable computer to do anything other than crash by exploiting this code would be immensely difficult, though this does leave open the possibility of denial-of-service attacks. The publication said last week that Microsoft had not yet released an official fix for the attack, but SC magazine reports that users can block UDP and TCP ports 138, 139, and 445 to protect themselves.

Please to comment
Mar 2nd 2011 at 12:41 PM by doddee
I agree with elweb...Mac is the best, and I'm into Kubuntu on my pc.
Feb 25th 2011 at 6:02 PM by elweb
Microsoft, blah, average 33 days between security breech identified and M$ issuing a fix. A multibillion dollar industry from its insecurity and you your machine, data, and personal details are still not safe. I hate M$. Use OS X (Mac) or Ubuntu (PC). Bugs fixed in days not months. No need for anti-virus, anti-spyware.

sign in

Remember Me

New to IM faceplate? join free!

Lost Password? click here