Published on: 04 April 2018
Microsoft has released a security update addressing a vulnerability in the Microsoft Malware Protection Engine. A malicious crafted file could be used to exploit the vulnerability when a crafted file is scanned by the affected engine. The crafted file could be delivered in several ways, such as enticing a user to open an attached file in an email message or an Instant Messenger message, uploading a file to a Windows-based shared location, or browsing a malicious website.
A successful attack could lead to remote code execution and take control of the affected system.
Patch for affected products will apply from built-in mechanism for the automatic detection and deployment of Microsoft Malware Protection Engine.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0986