

REDMOND (dpa-AFX) - Microsoft has released security updates to fix a critical execution flaw in Windows Defender and other anti-malware products.



The issue, listed as CVE2018-0986, exists within Microsoft Malware Protection Engine also impacts Microsoft Security Essentials, Microsoft Forefront EndPoint Protection 2010, Microsoft Exchange Server 2013 and 2016, and Windows Intune Endpoint Protection.



Users will not be required to install updates manually as built-in tools will automatically update within 48 hours of their release.



The company said a remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption.



An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.



The update addresses the vulnerability by correcting the manner in which the Microsoft Malware Protection Engine scans specially crafted files.



