Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Microsoft security update – Out-of-Band

Number: AV18-056
Date: 4 April 2018

Purpose

The purpose of this advisory is to bring attention to a recently released Microsoft Security Update which addresses failure to properly scan a specially crafted file, leading to memory corruption and remote code execution in the Microsoft Malware MalwareMalicious software designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. Protection Engine.

Assessment

This advisory addresses the vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. by correcting how the Microsoft Malware Protection Engine scans specially crafted files.

Affected Products:

  • Microsoft Exchange Server 2013 and 2016
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Security Essentials
  • Windows Defender
  • Windows Intune Endpoint Protection

CVE References: CVE-2018-0986

Suggested action

No action is required as the Microsoft Malware Protection Engine as a built-in and automatic updates feature. Update should be applied within forty-eight (48) hours of release by vendor.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986

Date modified: