
CVE-2018-0986: Critical Flaw in mpengine.dll Affects Windows Defender

CVE-2018-0986 is the identifier of a newly disclosed critical Windows vulnerability in the Microsoft Malware Protection Engine, the scanning engine behind Windows Defender. According to Microsoft, the engine fails to properly scan a specially crafted file, which leads to memory corruption and could allow remote code execution in the context of the engine.


Microsoft released the fix for the critical bug ahead of April’s Patch Tuesday, as an out-of-band engine update rather than a regular monthly patch. The urgency stems from where the flaw sits: in the Microsoft Malware Protection Engine, and more specifically in mpengine.dll, the scanning core of Windows Defender in the latest version of the operating system (Windows 10).

How Can CVE-2018-0986 Be Exploited?

To trigger the flaw, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine. This can happen in several ways: an attacker only needs to get the file into a location the engine scans. “For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user,” Microsoft explained.

Alternatively, the attacker can deliver the crafted file via an email message or an instant messaging message, and it is scanned when the file is opened. A third option is to abuse websites that accept or host user-provided content: the same malicious file can be uploaded to a shared location, where it is scanned by the engine running on the hosting server.

If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine scans files automatically, so the vulnerability is triggered as soon as the specially crafted file is scanned.

If real-time scanning is not enabled, the attacker has to wait until a scheduled scan runs. Every system running an affected version of the antimalware software is at risk, so users and administrators should confirm that the updated engine has been applied rather than wait for the next scan to find out.

How Did Microsoft Fix CVE-2018-0986?

In short, the patch corrects the way the Microsoft Malware Protection Engine scans specially crafted files.

Keep in mind that the built-in mechanism for automatic detection and deployment of updates for the Microsoft Malware Protection Engine normally takes care of updating affected systems; Microsoft says this mechanism applies the update within two days of release. Administrators who do not want to wait for that window can trigger the engine and definition update manually and verify the engine version afterwards.
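The following PowerShell check is an added example, not code from the article or from Microsoft. It reads the engine version Windows Defender reports, compares it against the first fixed engine version, and forces an engine/definition update if the system is still on an older build. The minimum fixed version 1.1.14700.5 is taken from Microsoft’s advisory for CVE-2018-0986 and is an assumption here; confirm it against the advisory before relying on the check. The function name Test-MpEnginePatched is hypothetical; Get-MpComputerStatus and Update-MpSignature are the standard Defender cmdlets.

```powershell
# Added example (not from the article or Microsoft): check whether the local
# Microsoft Malware Protection Engine is at or above the version that fixes
# CVE-2018-0986, and trigger the engine/definition update if it is not.
# Assumption: 1.1.14700.5 is the first fixed engine version per Microsoft's
# advisory for CVE-2018-0986; verify this value against the advisory.
$MinimumFixedVersion = [version]'1.1.14700.5'

function Test-MpEnginePatched {
    param([version]$MinimumVersion = $MinimumFixedVersion)

    # Get-MpComputerStatus exposes the running engine (mpengine.dll) version,
    # real-time protection state and scan timestamps.
    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        EngineVersion       = $engine
        MinimumFixedVersion = $MinimumVersion
        Patched             = ($engine -ge $MinimumVersion)
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        LastFullScanEnd     = $status.FullScanEndTime
    }
}

$result = Test-MpEnginePatched
$result | Format-List

if (-not $result.Patched) {
    Write-Warning "Engine $($result.EngineVersion) is older than $MinimumFixedVersion; forcing an update."
    # Update-MpSignature pulls the latest definitions and, with them, the new
    # engine through the same automatic update channel the article describes.
    Update-MpSignature -ErrorAction Stop

    $after = Test-MpEnginePatched
    if ($after.Patched) {
        Write-Host "Engine updated to $($after.EngineVersion)."
    } else {
        Write-Warning "Engine still $($after.EngineVersion); check Windows Update/WSUS policy for definition updates."
    }
}
```

Run it in an elevated PowerShell session on each host. A result with Patched set to False after Update-MpSignature usually means definition updates are being served through WSUS or a policy that has not yet approved the new engine, which is the case where waiting on the automatic mechanism alone leaves the host exposed.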


Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
