Microsoft Malware Protection Engine CVE-2013-1346 Remote Code Execution Vulnerability

2013-05-14T00:00:00
ID SMNTC-59885
Type symantec
Reporter Symantec Security Response
Modified 2013-05-14T00:00:00

Description

Description

Microsoft Malware Protection Engine is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with LocalSystem account privileges. Failed exploit attempts will result in a denial-of-service condition. Microsoft Malware Protection Engine 1.1.9402.0 and prior are vulnerable.

Technologies Affected

  • Microsoft Forefront Client Security (x64)
  • Microsoft Forefront Endpoint Protection 2010 (x64)
  • Microsoft Forefront Security for SharePoint Service Pack 3 (x64)
  • Microsoft Malicious Software Removal Tool (x64)
  • Microsoft Malware Protection Engine 1.1.6502.0
  • Microsoft Malware Protection Engine 1.1.6603.0
  • Microsoft Malware Protection Engine 1.1.9402.0
  • Microsoft Security Essentials (x64)
  • Microsoft Security Essentials Prerelease (x64)
  • Microsoft System Center 2012 Endpoint Protection (x64)
  • Microsoft System Center 2012 Endpoint Protection Service Pack 1 (x64)
  • Microsoft Windows Defender Offline (x64)
  • Microsoft Windows Defender for Windows 7
  • Microsoft Windows Defender for Windows 8 (x64) All
  • Microsoft Windows Defender for Windows Server 2003
  • Microsoft Windows Defender for Windows Server 2008
  • Microsoft Windows Defender for Windows Server 2008 R2 (x64)
  • Microsoft Windows Defender for Windows Vista
  • Microsoft Windows Defender for Windows XP
  • Microsoft Windows Intune Endpoint Protection (x64)

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.

Updates are available. Please see the references or vendor advisory for more information.