Microsoft Defender Denial of Service Vulnerability [CVE-2019-1255]
CVE number – CVE-2019-1255
A denial of service vulnerability exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries.
To exploit the vulnerability, an attacker would first require execution on the victim system.
The security update addresses the vulnerability by ensuring Microsoft Defender properly handles files.
| Last version of the Microsoft Malware Protection Engine affected by this vulnerability | Version 1.1.16300.1 |
| First version of the Microsoft Malware Protection Engine with this vulnerability addressed | Version 1.1.16400.2 |
Mitigations
Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds
Microsoft has not identified any workarounds for this vulnerability.
Further details – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.