Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    Home Forums Code Red – Security advisories Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    This topic contains 5 replies, has 4 voices, and was last updated by  anonymous 1 week, 3 days ago.

    • Author
      Posts
    • #150386 Reply

      gborn
      AskWoody MVP

      Strange things happen. I received this night (Germany) a notification from Microsoft about a critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937). All Windows versions using either Defender or Microsoft Security Essentials or Forefront are affected. But there are no updates available – and the link within Microsoft’s Update Catalog are broken.

      I’ve documented my findings till yet within my blog post: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

      Perhaps other users can shed a bit more light into that topic. In case you have new insights, please leave a comment, either here or within my blog. I will also link from my article to this thread.

      3 users thanked author for this post.
    • #150572 Reply

      gborn
      AskWoody MVP

      Ok, it seems I was lured into the wrong direction by Microsoft’s Security Center and it’s download links. I’ve added my blog post.

      Defender and MSE are updating itself – and it seems that yesterday the Security module has been updated. That’s what I found out comparing the details on 2 Win 7 machines (one, which is always online and one, which hasn’t been booted since 3 days).

      4 users thanked author for this post.
    • #150574 Reply

      HiFlyer
      AskWoody Lounger

      Win Defender Win8.1.64, 7.12.2017.
      Antimalware Client Version: 4.10.209.0
      Engine Version: 1.1.14405.2
      Antivirus definition: 1.259.16.0
      Antispyware definition: 1.259.16.0
      Network Inspection System Engine Version: 2.1.14202.0
      Network Inspection System Definition Version: 118.2.0.0

      2 users thanked author for this post.
    • #150600 Reply

      dgreen
      AskWoody Lounger

      Microsoft Security Essentials updated this morning

      antimalware client version: 4.10.209.0
      engine version:  1.1.14405.2
      antivirus definition:  1.259.16.0
      antispyware definition 1.259.16.0
      Network inspection system engine version: 2.1.14202.0
      Network Inspection system definition version:  118.2.0.0

       

      2 users thanked author for this post.
    • #150630 Reply

      anonymous

      Win7 Pro, MSE.

      Yes, this morning (Europe) there was a large download of definitions, taking the definition number on my main machine from 1.257.1460.0 yeaterday afternoon to 1.259.1.0 this morning.  Some investigation with a spare, not-internet-facing, machine shows that:

      My main machine updated to engine version 1.1.14405.2 sometime recently, while the spare machine (which was up-to-date within the last week) is still at 1.1.14306.0.

      I suspect (and I am glad to see) that the engine is apparently kept up to date when using the on-line update method.

      HMcF

      2 users thanked author for this post.
    • #150747 Reply

      anonymous

      Wasn’t available in the USA earlier but showed up this PM. Win7 Pro x64 with Defender. Engine updated to 1.1.14405.2 and definitions to 1.259.37.0.

      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Critical vulnerability in Microsoft’s Malware Protection Engine (CVE-2017-11937)

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information:


    Comments are closed.