登录查看更多内容

Do You Use Windows Defender for Anti-Virus? Microsoft Security Products CVE-2017-02

Felix Gorovodsky MScIT, MBA, PMP

数字，技术和业务转型负责人| 向我们和国际各地的工作机会开放。

发布日期: 2017年5月15日

A few days ago, Google Security Research published a POC detailing a vulnerability in Microsoft's Malware Protection service's MsMpEng engine.

The main component is called mpengine.dll. This is responsible for scanning and analyzing various files. It contains various interpreters and emulators for analyzing various file formats, compression and encryption algorithms.

Scanning the provided POC using Windows 7's Windows Defender, we get the following crash notification:

After restarting, and checking the running processes from the task manager, we concluded that MsMpEng was not present for this setup. We then checked the services tab of task manager and found the following:

Searching the PID 3420 in the process list, we see that the service is attached to svchost.exe:

We then attached the debugger to this instance of svchost and attempted to scan the POC.

As it turns out, the vulnerable function is found in mpengine.dll's MPContainerWrite.

要查看或添加评论，请登录

Felix Gorovodsky MScIT, MBA, PMP的更多文章

The Imperative of Robust IT Infrastructure for Data Protection and BYOD Policies as Businesses Transition to the “In-Office” Environment

2023年6月11日

The Imperative of Robust IT Infrastructure for Data Protection and BYOD Policies as Businesses Transition to the “In-Office” Environment

As businesses gradually shift back to the traditional “in-office” environment, the need for a robust IT infrastructure…
Golden Rules to Considerate Conduct & Adequate while Participating in Webinars and Video Conferences

2021年1月18日

Golden Rules to Considerate Conduct & Adequate while Participating in Webinars and Video Conferences

As 2021, has come and we see the light at the end of the Tunnel of COVID-19 Pandemic. Our thought of going back to…
Why do A-Star employes leave fantastic companies? It's simply the Shadow Culture that management overlooks.

2019年6月10日

Why do A-Star employes leave fantastic companies? It's simply the Shadow Culture that management overlooks.

Have you ever heard of Shadow Culture? Yes, then you already know what I'm going to talk about. However, if you haven't…
Management isn't just a job title

2018年12月25日

Management isn't just a job title

As we live in a world, where we push for the next stepping stone with in our careers. We find that, there are…
Holiday Awareness, When it come to Scams and Spam

2017年12月5日

Holiday Awareness, When it come to Scams and Spam

Happy Holiday to everyone on LinkedIn, For those of whom are work in the Information Technology, as IT Managers…
WhyCry Ransomware Sneaking around in the Wild.

2017年6月19日

WhyCry Ransomware Sneaking around in the Wild.

WhyCry encrypts the victims files with a strong encryption algorithm until the victim pays a fee to get them back. Once…
Shive Ransomware Virus - What a Horror!!

2017年6月12日

Shive Ransomware Virus - What a Horror!!

The malicious file pretends to be a PDF file and uses the following icon: Upon successful execution, it then proceeds…
What you should know about EternalBlue exploit and WannaCry Ransomware?

2017年5月22日

What you should know about EternalBlue exploit and WannaCry Ransomware?

Since last weekend, the outbreak of WannaCry ransomeware has became the headline of the security news. This worm attack…
Deadly Ransomware, for all Industry.

2017年5月12日

Deadly Ransomware, for all Industry.

For a few hours, bad news are spreading quickly about a massive wave of infections by a new ransomware called…
A New Age of Ransomware - The Latest One known as Karmen

2017年5月9日

A New Age of Ransomware - The Latest One known as Karmen

A threat of ransomware has been found withing a Hidden-Tear Kit family known as Karmen. As expected, this ransomware…

See all articles

Do You Use Windows Defender for Anti-Virus? Microsoft Security Products CVE-2017-02

Felix Gorovodsky MScIT, MBA, PMP

数字，技术和业务转型负责人| 向我们和国际各地的工作机会开放。

Felix Gorovodsky MScIT, MBA, PMP的更多文章

社区洞察

其他会员也浏览了

Alert: Ravaging AcidPour Malware Strikes Linux X86 Devices

Uncovered LOLBAS:)

Using Linux utmpdump for Forensics and Detecting Log File Tampering

You can see but you can't... - A bizarre Windows-10 bug causing BSOD

Basic Linux Malware Process Forensics for Incident Responders

Ransomware Attack through Microsoft Signed Drivers

Microsoft warns about high-risk worm infecting lots of Windows networks!!!

This is the year Windows 10 dies: How to prepare your business

This is the year Windows 10 dies: How to prepare your business

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

Felix Gorovodsky MScIT, MBA, PMP的更多文章

The Imperative of Robust IT Infrastructure for Data Protection and BYOD Policies as Businesses Transition to the “In-Office” Environment

Golden Rules to Considerate Conduct & Adequate while Participating in Webinars and Video Conferences

Why do A-Star employes leave fantastic companies? It's simply the Shadow Culture that management overlooks.

Management isn't just a job title

Holiday Awareness, When it come to Scams and Spam

WhyCry Ransomware Sneaking around in the Wild.

Shive Ransomware Virus - What a Horror!!

What you should know about EternalBlue exploit and WannaCry Ransomware?

Deadly Ransomware, for all Industry.

A New Age of Ransomware - The Latest One known as Karmen

社区洞察

其他会员也浏览了

Alert: Ravaging AcidPour Malware Strikes Linux X86 Devices

Uncovered LOLBAS:)

Using Linux utmpdump for Forensics and Detecting Log File Tampering

You can see but you can't... - A bizarre Windows-10 bug causing BSOD

Basic Linux Malware Process Forensics for Incident Responders

Ransomware Attack through Microsoft Signed Drivers

Microsoft warns about high-risk worm infecting lots of Windows networks!!!

This is the year Windows 10 dies: How to prepare your business

This is the year Windows 10 dies: How to prepare your business

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories