1 Reply Latest reply on May 9, 2017 11:12 AM by cwinning

    Any ETA on CVE-2017-0290?

    eswan Rookie

      Any ETA on the availability of a patch for CVE-2017-0290, Microsoft Malware Protection Engine Remote Code Execution Vulnerability? Looks like a particularly nasty one.

        • 1. Re: Any ETA on CVE-2017-0290?
          cwinning CommunityTeam

          Hello,

           

          That refers to Defender Definition update and\or an engine update, Protect doesn't support these updates since their not bulletins or even updates.

           

          Here is the Microsoft article:  Microsoft Security Advisory 4022344

           

          Is Microsoft releasing a Security Bulletin to address this vulnerability?
          No. Microsoft is releasing this informational security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.

          Typically, no action is required of enterprise administrators or end users to install this update.

           

          Why is no action required to install this update?
          In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

           

          Thanks,

          Charles