Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a specially crafted file.

Updates for the Microsoft Malware Protection Engine are sent through security advisories as there is typically no action required to install the update. This is due to the fact that the built-in mechanism for the automatic detection and deployment of updates will apply the update within 48 hours of release. There’s no action for you to take here – the engine will do it for you. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

We appreciate the researcher reporting this to us privately via Coordinated Vulnerability Disclosure (CVD) and for allowing us to release the update before there was any impact to our global customers.

Thank you,
Dustin Childs
Group Manager, Response Communications
Trustworthy Computing