A security vulnerability has been identified in several Microsoft products. Specifically, the flaw is in the Microsoft Malware Protection Engine, which is used by Windows Live OneCare, Microsoft Forefront Security, Microsoft Antigen, Windows Defender, and others. The flaw manifests when the engine processes a specially crafted registry key value. A local, malicious user can exploit it to elevate privileges, run malicious code, and take complete control of the vulnerable system. Users are advised to install the available patches.

Microsoft Malware Protection Engine Privilege Escalation Vulnerability

VUPEN ID 	VUPEN/ADV-2011-0486
CVE ID 	CVE-2011-0037
CWE ID 	Available in VUPEN VNS Customer Area
CVSS V2 	Available in VUPEN VNS Customer Area
Rated as 	Moderate Risk 
Impact 	Available in VUPEN VNS Customer Area
Authentication Level 	Available in VUPEN VNS Customer Area
Access Vector 	Available in VUPEN VNS Customer Area
Release Date 	2011-02-23

Technical Description

A vulnerability has been identified in Microsoft Malware Protection Engine, which could be exploited by local attackers to take complete control of a vulnerable system. This issue is caused by an error when scanning a malformed registry key value, which could allow malicious unprivileged users to execute arbitrary code with SYSTEM privileges by tricking a vulnerable application into scanning a specially crafted registry location.

Affected Products

Microsoft Malware Protection Engine versions prior to 1.1.6603.0
Microsoft Windows Live OneCare
Microsoft Security Essentials
Microsoft Windows Defender
Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Malicious Software Removal Tool

Solution 

Install the latest malware definitions.

References

http://www.vupen.com/english/advisories/2011/0486
http://www.microsoft.com/technet/security/advisory/2491888.mspx

Credits 

Vulnerability reported by Cesar Cerrudo (Argeniss).

Changelog 

2011-02-23 : Initial release
