4 Replies Latest reply on May 9, 2017 4:14 PM by anthony.swanson

    MS Emergency Security Update 4022344

    patterse Rookie

      Is there anything those of us who use Shavlik Protect 9.2  (Standard) need to do to address the latest vulnerability discovered?  http://www.theregister.co.uk/2017/05/09/microsoft_windows_defender_security_hole/

       

      Security update 4022344 was released as an emergency release by MS, as I was told.

        • 1. Re: MS Emergency Security Update 4022344
          anthony.swanson SupportEmployee

          Hello,

           

          That refers to a Defender definition update and/or an engine update. Protect doesn't support these updates since they're not bulletins or even updates.

           

          Here is the Microsoft article:  Microsoft Security Advisory 4022344

           

          Is Microsoft releasing a Security Bulletin to address this vulnerability?
          No. Microsoft is releasing this informational security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.

          Typically, no action is required of enterprise administrators or end users to install this update.

           

          Why is no action required to install this update?
          In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

           

          Thank you,

           

          Anthony    

          • 2. Re: MS Emergency Security Update 4022344
            eswan Rookie

            (replying here instead of my own identical thread)

            That's... unfortunate.

            It's a component of every version of Windows since 7. I trust its auto-update capabilities just about as much as I trust Windows' ability.

            Does anybody know if disabling the WinDefend service is a valid mitigation? On our systems we use a third-party anti-virus, trusting Microsoft's anti-virus as much as Microsoft's update ability :) I couldn't even tell what version of Windows Defender was installed without starting the service. Once I did, it looks like it hasn't had an update since 8/8/2014, so it looks like it won't update unless the WinDefend service is running. I'll have to do some checking and see if Outlook calls the engine even without the service running.

            • 3. Re: MS Emergency Security Update 4022344
              eswan Rookie

              Looks like the standalone updater is here:

              https://www.microsoft.com/en-us/security/portal/definitions/adl.aspx#manual

              Runs silently, took mine up to engine version 1.1.13704.0, but it looks like it also turned the WinDefend service back on.

               

              Can this be added to Shavlik Protect, or do I need to script my own deployment?

              • 4. Re: MS Emergency Security Update 4022344
                anthony.swanson SupportEmployee

                Hello,

                 

                Virus definitions are not supported in Protect. You can certainly try using a custom action to try installing the update, but this would be a custom deployment and would be a best effort through our support team.

                 

                How To: Perform a Custom Action Complete Tutorial with Custom Actions

                 

                Custom Action - How to Work with Batch Files

                 

                It may be best to submit a feature request to ask for support on this in the future.

                How To: Submit a Feature Request

                 

                Thank you,

                 

                Anthony
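
Added example, not part of the thread and not Shavlik or Microsoft code: a PowerShell check that reports the Malware Protection Engine version and the WinDefend service state on a host, so a scripted deployment can be verified before and after it runs. It assumes an elevated session, uses the engine version reported in reply 3 as the threshold (confirm the required version against the advisory), and assumes the engine version is also recorded under the Windows Defender "Signature Updates" registry key for hosts where the service is stopped.

```powershell
# Added example: audit engine version and WinDefend state (written to run on PowerShell 2.0+).
# Assumption: threshold taken from reply 3 of the thread; confirm it against the advisory.
$MinimumEngine = [version]'1.1.13704.0'

function Get-EngineVersion {
    # Newer Windows releases ship the Defender module; the cmdlet fails if the service is stopped.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try {
            $reported = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
            if ($reported -and $reported -ne '0.0.0.0') { return [version]$reported }
        } catch { }   # fall through to the registry
    }
    # Fallback (assumed location): readable without starting the WinDefend service.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'
    $item = Get-ItemProperty -Path $key -Name EngineVersion -ErrorAction SilentlyContinue
    if ($item -and $item.EngineVersion) { return [version]$item.EngineVersion }
    return $null
}

$engine  = Get-EngineVersion
$service = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"

$engineText = 'unknown'
if ($engine) { $engineText = $engine.ToString() }

$state = 'not installed'; $startMode = $null
if ($service) { $state = $service.State; $startMode = $service.StartMode }

$result = New-Object PSObject -Property @{
    Computer      = $env:COMPUTERNAME
    EngineVersion = $engineText
    MeetsMinimum  = [bool]($engine -and ($engine -ge $MinimumEngine))
    ServiceState  = $state       # the thread notes the updater switched this back on
    ServiceStart  = $startMode   # Auto / Manual / Disabled
}
$result | Select-Object Computer, EngineVersion, MeetsMinimum, ServiceState, ServiceStart

# Non-zero exit code lets a deployment wrapper flag hosts that still need the update.
if (-not $result.MeetsMinimum) { exit 1 }
```

Run it once before the update and once after: comparing the two ServiceState values shows whether the updater re-enabled WinDefend on hosts where it had been turned off.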