Microsoft Security Essentials Code Execution

2013-05-05T00:00:00
ID PACKETSTORM:121520
Type packetstorm
Reporter Stefan Kanthak
Modified 2013-05-05T00:00:00

Description

                                        
Hi @ll,  
  
versions of Microsoft Security Essentials before the current  
v4.2 (see <https://support.microsoft.com/kb/2805304>) have a  
vulnerability that could lead to execution of arbitrary code  
in the security context of the LocalSystem account (almost like  
<https://support.microsoft.com/kb/2781197> alias  
<http://technet.microsoft.com/security/bulletin/ms13-034>).  
  
The "UninstallString" written to  
  
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]  
"UninstallString"="C:\\Program Files\\Microsoft Security Client\\Setup.exe /X"  
  
contains unquoted spaces.  
This command may be called by Windows Update Agent or deployment  
agents running under the LocalSystem account.  
  
  
Timeline:  
~~~~~~~~~  
  
2012-12-05 vendor informed  
  
2013-12-06 vendor acknowledged report  
  
2013-02-13 vendor released fixed version  
  
  
Stefan Kanthak  
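
An audit for the condition the advisory describes, as an added example that is not part of the original advisory or of any Microsoft tooling: it flags uninstall commands whose program path contains spaces but is not quoted. It goes beyond the single key named above by checking every entry under the Uninstall key, including the WOW6432Node view and the QuietUninstallString value; the helper name `Get-UnquotedExePath` is hypothetical.

```powershell
# Added example, not the advisory author's or Microsoft's code.
# Get-UnquotedExePath is a hypothetical helper name.
function Get-UnquotedExePath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if (-not $cmd -or $cmd.StartsWith('"')) { return $null }   # empty, or path already quoted
    # Program path = shortest prefix ending in a program extension followed by space or end.
    $m = [regex]::Match($cmd, '^(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', 'IgnoreCase')
    if ($m.Success -and $m.Groups[1].Value -match '\s') { return $m.Groups[1].Value }
    return $null                                                # no spaces in the program path
}

# Self-check: the first value is the one quoted in the advisory, the others are constructed.
$samples = [ordered]@{
    'C:\Program Files\Microsoft Security Client\Setup.exe /X'   = $true
    '"C:\Program Files\Microsoft Security Client\Setup.exe" /X' = $false  # quoted form
    'MsiExec.exe /X{00000000-0000-0000-0000-000000000000}'      = $false  # placeholder GUID
}
foreach ($s in $samples.GetEnumerator()) {
    $flagged = [bool](Get-UnquotedExePath $s.Key)
    if ($flagged -ne $s.Value) { throw "self-check failed: $($s.Key)" }
}

# Walk the native and 32-bit-on-64-bit views of the Uninstall key.
$roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
         'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

$findings = foreach ($key in Get-ChildItem -Path $roots -ErrorAction SilentlyContinue) {
    foreach ($name in 'UninstallString', 'QuietUninstallString') {
        $command = [string]$key.GetValue($name)      # empty string when the value is absent
        $exe = Get-UnquotedExePath $command
        if ($exe) {
            [pscustomobject]@{
                Key     = $key.Name
                Value   = $name
                Command = $command
                ExePath = $exe                       # the span that should be wrapped in quotes
            }
        }
    }
}

$findings | Format-List
```

Each finding is an entry to raise with the product's vendor or to correct by quoting the program path, as in the second sample above.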