Microsoft Issues Emergency Update to their Malware Protection Engine

[DooKey]

Microsoft has released an emergency update to their malware protection engine that most users should get automatically. What makes this so funny is the fact that what's supposed to protect your system has to be fixed to protect itself. Anyway, it could have been worse if MS called this a feature instead of a flaw. However, if you don't have auto updates turned on, it would be a good idea to go download the patch and install it manually.

According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files. By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.

 

[BinarySynapse]

Not sure what's funny about it. Anti-malware packages are just software, and ALL software has flaws. Even the fixes for those flaws sometimes create more flaws.

 

[dgingeri]

That's a pretty old logo they dug up for their article.

 

[Master_shake_]

Not sure what's funny about it. Anti-malware packages are just software, and ALL software has flaws. Even the fixes for those flaws sometimes create more flaws.

it's like when you change the locks on your doors but then smash all the windows.

 

[dgingeri]

it's like when you change the locks on your doors but then smash all the windows.

In this case, probably closer to having a big, heavy security door with a 18"X54" window of regular glass in the middle of it.

 

[Kdawg]

my shit is still on Engine Version: 1.1.14306.0

and it's 2 days after announcement. where's my patch

oh nevermind, i hit the update button and it downloaded.

 

[Retronym]

ITS TAKING FOREVER