Forefront not updating automatically
The exact time frame depends on the software used, Internet connection, and infrastructure configuration.
Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.For more information, visit the Microsoft Malware Protection Center website. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted. To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine.If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited.In addition, exploitation of the vulnerability could occur when the system is scanned using an affected version of the Malicious Software Removal Tool (MSRT).For example, an attacker could use a website to deliver a specially crafted file to the victim's system that is scanned when the website is viewed by the user.
An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened.
Customers can also choose to manually check for updates at any time. Refer to the section, Suggested Actions, for details on how to install this update. The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. The vulnerability is caused when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to a scan timeout.
Where can I find more information about Microsoft antimalware technology? What might an attacker use the vulnerability to do?
For more information on how to verify the engine version number that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781. Affected Software The following table provides an exploitability assessment of the vulnerability addressed in this advisory. Use this table to learn about the likelihood of functioning exploit code being released within 30 days of this advisory release.
You should review the assessment below, in accordance with your specific configuration, in order to prioritize your deployment.
Published: June 17, 2014 Version: 1.0 Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft.