Microsoft Forefront Endpoint Protection 2010 Microsoft Malware Protection Engine Vulnerability - CVE-2011-0037 The following severity ratings assume the potential maximum impact of the vulnerability. Depending upon which affected Microsoft anti-malware product is installed, this update may have different severity ratings. The Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle. Other versions or editions are either past their support life cycle or are not affected. The following software have been tested to determine which versions or editions are affected. For more information on how to verify the engine version number that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781. **If your version of the Microsoft Malware Protection Engine is equal to or greater than this version, then you are not affected by this vulnerability and do not need to take any further action. *This version is the last version of the Microsoft Malware Protection Engine that is affected by the vulnerability. Last version of the Microsoft Malware Protection Engine affected by this vulnerabilityįirst version of the Microsoft Malware Protection Engine with this vulnerability addressed Advisory Details Issue Referencesįor more information about this issue, see the following references: References The exact time frame depends on the software used, Internet connection, and infrastructure configuration. Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly. Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. The vulnerability could not be exploited by anonymous users. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. Version: 1.1 General Information Executive Summary Published: Febru| Updated: March 08, 2011 Security Advisory Microsoft Security Advisory 2491888 Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |