Topic: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937) @ AskWoody

Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

Posted on gborn Comment on the AskWoody Lounge
Home › Forums › Code Red – Security/Privacy advisories › Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

Tagged: CVE, CVE-2017-11937, Forefront, Microsoft Security Essentials, Vulnerability, Windows Defender
- This topic has 5 replies, 4 voices, and was last updated 3 years, 3 months ago by anonymous.
Viewing 5 reply threads
- Author
  
  Posts
- - December 7, 2017 at 1:37 am #150386
    
    gborn
    AskWoody_MVP
    
    Strange things happen. I received this night (Germany) a notification from Microsoft about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the link within Microsoft’s Update Catalog are broken.
    
    I’ve documented my findings till yet within my blog post: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)
    
    Perhaps other users can shed a bit more light into that topic. In case you have new insights, please leave a comment, either here or within my blog. I will also link from my article to this thread.
    
    Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author
    
    https://www.borncity.com/win/
    
    3 users thanked author for this post.
    
    Elly, satrow, HiFlyer
    
    Reply | Quote
  - December 7, 2017 at 3:03 am #150572
    
    gborn
    AskWoody_MVP
    
    Ok, it seems I was lured into the wrong direction by Microsoft’s Security Center and it’s download links. I’ve added my blog post.
    
    Defender and MSE are updating itself – and it seems that yesterday the Security module has been updated. That’s what I found out comparing the details on 2 Win 7 machines (one, which is always online and one, which hasn’t been booted since 3 days).
    
    Microsoft Windows Insider MVP, Microsoft Answers Community Moderator, Blogger, Book author
    
    https://www.borncity.com/win/
    
    5 users thanked author for this post.
    
    WildBill, walker, Elly, woody, HiFlyer
    
    Reply | Quote
  - December 7, 2017 at 3:05 am #150574
    
    HiFlyer
    AskWoody Plus
    
    Win Defender Win8.1.64, 7.12.2017.
    Antimalware Client Version: 4.10.209.0
    Engine Version: 1.1.14405.2
    Antivirus definition: 1.259.16.0
    Antispyware definition: 1.259.16.0
    Network Inspection System Engine Version: 2.1.14202.0
    Network Inspection System Definition Version: 118.2.0.0
    
    3 users thanked author for this post.
    
    WildBill, woody, gborn
    
    Reply | Quote
  - December 7, 2017 at 5:33 am #150600
    
    dgreen
    AskWoody Lounger
    
    Microsoft Security Essentials updated this morning
    
    antimalware client version: 4.10.209.0
    engine version: 1.1.14405.2
    antivirus definition: 1.259.16.0
    antispyware definition 1.259.16.0
    Network inspection system engine version: 2.1.14202.0
    Network Inspection system definition version: 118.2.0.0
    
    2 users thanked author for this post.
    
    woody, HiFlyer
    
    Reply | Quote
  - December 7, 2017 at 9:02 am #150630
    
    anonymous
    Guest
    
    Win7 Pro, MSE.
    
    Yes, this morning (Europe) there was a large download of definitions, taking the definition number on my main machine from 1.257.1460.0 yeaterday afternoon to 1.259.1.0 this morning. Some investigation with a spare, not-internet-facing, machine shows that:
    
    My main machine updated to engine version 1.1.14405.2 sometime recently, while the spare machine (which was up-to-date within the last week) is still at 1.1.14306.0.
    
    I suspect (and I am glad to see) that the engine is apparently kept up to date when using the on-line update method.
    
    HMcF
    
    2 users thanked author for this post.
    
    woody, HiFlyer
    
    Reply | Quote
  - December 7, 2017 at 6:50 pm #150747
    
    anonymous
    Guest
    
    Wasn’t available in the USA earlier but showed up this PM. Win7 Pro x64 with Defender. Engine updated to 1.1.14405.2 and definitions to 1.259.37.0.
    
    1 user thanked author for this post.
    
    woody
    
    Reply | Quote
- Author
  
  Posts
Viewing 5 reply threads

Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

Reply To: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)
You can use BBCodes to format your content.
Your account can't use Advanced BBCodes, they will be stripped before saving.

Cancel

Welcome to our unique respite from the madness.

It's easy to post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.

Plus Membership

Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.

AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments. Click here for details and to sign up.