News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    Home Forums Code Red – Security/Privacy advisories Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    Viewing 5 reply threads
    • Author
      Posts
      • #150386
        gborn
        AskWoody_MVP

        Strange things happen. I received this night (Germany) a notification from Microsoft about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the link within Microsoft’s Update Catalog are broken.

        I’ve documented my findings till yet within my blog post: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

        Perhaps other users can shed a bit more light into that topic. In case you have new insights, please leave a comment, either here or within my blog. I will also link from my article to this thread.

        Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        3 users thanked author for this post.
      • #150572
        gborn
        AskWoody_MVP

        Ok, it seems I was lured into the wrong direction by Microsoft’s Security Center and it’s download links. I’ve added my blog post.

        Defender and MSE are updating itself – and it seems that yesterday the Security module has been updated. That’s what I found out comparing the details on 2 Win 7 machines (one, which is always online and one, which hasn’t been booted since 3 days).

        Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author

        https://www.borncity.com/win/

        5 users thanked author for this post.
      • #150574
        HiFlyer
        AskWoody Plus

        Win Defender Win8.1.64, 7.12.2017.
        Antimalware Client Version: 4.10.209.0
        Engine Version: 1.1.14405.2
        Antivirus definition: 1.259.16.0
        Antispyware definition: 1.259.16.0
        Network Inspection System Engine Version: 2.1.14202.0
        Network Inspection System Definition Version: 118.2.0.0

        3 users thanked author for this post.
      • #150600
        dgreen
        AskWoody Lounger

        Microsoft Security Essentials updated this morning

        antimalware client version: 4.10.209.0
        engine version:  1.1.14405.2
        antivirus definition:  1.259.16.0
        antispyware definition 1.259.16.0
        Network inspection system engine version: 2.1.14202.0
        Network Inspection system definition version:  118.2.0.0

         

        2 users thanked author for this post.
      • #150630
        anonymous
        Guest

        Win7 Pro, MSE.

        Yes, this morning (Europe) there was a large download of definitions, taking the definition number on my main machine from 1.257.1460.0 yeaterday afternoon to 1.259.1.0 this morning.  Some investigation with a spare, not-internet-facing, machine shows that:

        My main machine updated to engine version 1.1.14405.2 sometime recently, while the spare machine (which was up-to-date within the last week) is still at 1.1.14306.0.

        I suspect (and I am glad to see) that the engine is apparently kept up to date when using the on-line update method.

        HMcF

        2 users thanked author for this post.
      • #150747
        anonymous
        Guest

        Wasn’t available in the USA earlier but showed up this PM. Win7 Pro x64 with Defender. Engine updated to 1.1.14405.2 and definitions to 1.259.37.0.

        1 user thanked author for this post.
    Viewing 5 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.