On Wednesday, Microsoft posted a Security Alert that describes a nasty remote code execution bug in the Malware Protection Engine, mpengine.dll.

Many malware researchers were surprised to find an unexpected patch on their machines yesterday. It didn’t arrive through the front door — Windows Update wasn’t involved. Instead, the new version of mpengine.dll arrived automatically, around the back, even if you have Windows Update turned off.

This vulnerability is particularly nasty. If the Malware Protection Engine scans a jimmied file, the file can take over your computer and run whatever it wants. Since the MPE routinely runs all the time, in the background, that means a bad file could infect your computer in myriad ways. To quote Microsoft’s Security Vulnerability notice:

“There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system that is scanned when the website is viewed by the user. An attacker could also deliver a specially crafted file via an email message or in an Instant Messenger message that is scanned when the file is opened. In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server.”

… and that, my friend, is one whopper of a security hole. It’s easily on a par with the bug in the Malware Protection Engine’s JavaScript engine that I talked about on May 9.

The list of affected systems reads like a who’s who of the Windows world: All versions of Win10, 8.1 and 7, Win RT 8.1, Server 2016, Forefront Endpoint Protection, Exchange Server, Server 2008 R2 with Desktop Experience. Those are only the supported versions of Windows.
WinXP appears to be vulnerable as well, although there’s no fix being distributed.

Catalin Cimpanu at bleepingcomputer has more details, including a pedigree that traces the discovery of the flaw to the U.K. National Cyber Security Centre. He lists three additional “crazy bad” security holes in mpengine.dll from earlier this year.

To see if you’ve been updated properly, bring up Windows Defender. (I have instructions for Win 7, 8.1 and 10 in my May 9 report.) If you see Engine Version 1.1.14306 (screenshot) your machine hasn’t caught up yet.

If your machine isn’t yet up to the latest version, 1.1.14405.2, I strongly suggest that you not touch the machine until it updates itself. Go get a cup of coffee, and it’ll likely be done by the time you’re back.

Join us for more patching fun ‘n games on the AskWoody Lounge.
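The engine version check described above can also be scripted, which helps when there are more machines than you want to open Windows Defender on by hand. The PowerShell below is an added example, not code from the article or from Microsoft; it compares the installed engine version against the 1.1.14405.2 named above. Assumptions: PowerShell 3.0 or later, the Defender `Get-MpComputerStatus` cmdlet where it is present, and an `EngineVersion` registry value under the two `Signature Updates` keys shown as a fallback; the function names are hypothetical.

```powershell
# Added example: is the local Malware Protection Engine at or above the
# fixed version named in the article?
$FixedVersion = [version]'1.1.14405.2'

function Get-MpEngineVersion {
    # Preferred source: the Defender module (Windows 8.1 / 10 / Server 2016).
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        try {
            $status = Get-MpComputerStatus -ErrorAction Stop
            if ($status.AMEngineVersion) {
                return [pscustomobject]@{ Source = 'Get-MpComputerStatus'; Version = $status.AMEngineVersion }
            }
        } catch { }   # cmdlet present but service unavailable: fall through
    }
    # Assumed fallback locations for systems without the cmdlet
    # (Windows Defender, then Security Essentials / Forefront).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates',
        'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    )
    foreach ($key in $keys) {
        $value = (Get-ItemProperty -Path $key -Name EngineVersion -ErrorAction SilentlyContinue).EngineVersion
        if ($value) { return [pscustomobject]@{ Source = $key; Version = $value } }
    }
    return $null
}

function Test-MpEnginePatched {
    param([version]$Minimum = $FixedVersion)
    $found   = Get-MpEngineVersion
    $parsed  = $null
    $patched = $null   # stays $null when no engine version could be read
    if ($found -and [version]::TryParse($found.Version, [ref]$parsed)) {
        # Numeric per-field comparison, so 1.1.14306.0 sorts below 1.1.14405.2.
        $patched = $parsed -ge $Minimum
    }
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Source        = if ($found) { $found.Source } else { $null }
        EngineVersion = if ($found) { $found.Version } else { $null }
        Patched       = $patched
    }
}

Test-MpEnginePatched
```

A `Patched` value of `False` means the engine is older than the fixed version; an empty value means no engine version was found on that machine.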