Results 1 to 2 of 2

Thread: Microsoft Security Advisory (2491888) for Microsoft Security Essentials

  1. #1
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default Microsoft Security Advisory (2491888) for Microsoft Security Essentials

    Because this Security Advisory relates to MSE, first things first, so no one panics --

    Mitigating Factors

    Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of this issue. The following mitigating factors may be helpful in your situation:

    An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

    An attacker could use the Malicious Software Removal Tool (MSRT) to exploit this vulnerability only if MSRT has not already run on the system. For the majority of end users, the current version of the MSRT will already have downloaded and run automatically through automatic updating. {Bold Added}
    Microsoft is releasing this security advisory to help ensure customers are aware that an update to the Microsoft Malware Protection Engine also addresses a security vulnerability reported to Microsoft. The update addresses a privately reported vulnerability that could allow elevation of privilege if the Microsoft Malware Protection Engine scans a system after an attacker with valid logon credentials has created a specially crafted registry key. An attacker who successfully exploited the vulnerability could gain the same user rights as the LocalSystem account. The vulnerability could not be exploited by anonymous users.

    Since the Microsoft Malware Protection Engine is a part of several Microsoft anti-malware products, the update to the Microsoft Malware Protection Engine is installed along with the updated malware definitions for the affected products. Administrators of enterprise installations should follow their established internal processes to ensure that the definition and engine updates are approved in their update management software, and that clients consume the updates accordingly.



    Typically, no action is required of enterprise administrators or end users to install this update, because the built-in mechanism for the automatic detection and deployment of this update will apply the update within the next 48 hours. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. {Bold Added}

  2. #2
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,559

    Default

    Ok - so atmost a 48 hours wait ....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22