Microsoft Security Bulletin MS08-029 - Moderate
Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
This security update resolves two privately reported vulnerabilities in the Microsoft Malware Protection Engine. An attacker could exploit either of the vulnerabilities by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited either vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
The Microsoft Malware Protection Engine is a part of several Microsoft products. Depending upon which product is installed, this security update has different severity ratings. This security update is rated Moderate for Windows Live OneCare, Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateway, Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint. This security update is rated Low for Standalone System Sweeper located in Diagnostics and Recovery Toolset 6. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that the Malware Protection Engine processes files. For more information about this vulnerability, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers immediately ensure that they have the latest Microsoft Malware Protection Engine update. The affected software provides built-in mechanisms for the automatic detection and deployment of this update.
Known Issues. None
The following software have been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.
|Software||Maximum Security Impact||Aggregate Severity Rating|
|Windows Live OneCare||Denial of Service||Moderate|
|Microsoft Antigen for Exchange||Denial of Service||Moderate|
|Microsoft Antigen for SMTP Gateway||Denial of Service||Moderate|
|Microsoft Windows Defender||Denial of Service||Moderate|
|Microsoft Forefront Client Security||Denial of Service||Moderate|
|Microsoft Forefront Security for Exchange Server||Denial of Service||Moderate|
|Microsoft Forefront Security for SharePoint||Denial of Service||Moderate|
|Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.0||Denial of Service||Low|
Note These affected products provide built-in mechanisms for automatic detection and deployment of updates.
Microsoft thanks the following for working with us to help protect customers:
- Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.
- International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 (May 13, 2008): Bulletin published.