Vulnerability

Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege

Publish date: March 05, 2013

CVE-2011-0037

SEVERITY

HIGH

//  ADVISORY DATE

24 FEB 2011


DESCRIPTION

Microsoft has just issued an advisory about a vulnerability in the Microsoft Malware Protection Engine. If the said flaw is exploited, elevated privileges are granted to a local user once the engine starts to scan after a system is infiltrated by an attacker using valid login credentials and has created a specially crafted registry key. This, in turn, may grant the attacker the same privileges as the local user. Microsoft has also found that anonymous users could not exploit this vulnerability.

TREND MICRO PROTECTION INFORMATION

For more information, please refer to this Microsoft page:

AFFECTED SOFTWARE AND VERSION

  • Windows Live OneCare
  • Microsoft Security Essentials
  • Microsoft Windows Defender
  • Microsoft Forefront Client Security
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Malicious Software Removal Tool

Featured Stories

Connect with us on