Microsoft Antimalware Client vulnerability could allow escalation of privilege
Report ID: MS201304007
Date Published: 10 April 2013
Compromise Type: privilege-escalation
Compromise From: local-system
Windows Defender for Windows 8 and Windows RT
A vulnerability in the Microsoft Antimalware Client could, if successfully exploited, allow an attacker to execute code in the context of the LocalSystem account.
Microsoft has issued a security update to address an escalation of privilege vulnerability in the Microsoft Antimalware Client, which was caused by the usage of improper pathnames. Upon successful exploitation, an attacker could be able to execute code in the context of the LocalSystem account.
The vulnerability issue has been fixed through the update which introduces correction in the way that Microsoft Antimalware Client uses pathnames. Users are recommended to install the update to protect their system from possible exploit attempts.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms13-034)
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.