Hi @ll, versions of Microsoft Security Essentials before the current v4.2 (see <https://support.microsoft.com/kb/2805304>) have a vulnerability that could lead to execution of arbitrary code in the security context of the LocalSystem account (almost like <https://support.microsoft.com/kb/2781197> alias <http://technet.microsoft.com/security/bulletin/ms13-034>).
The "UninstallString" written to [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client] "UninstallString"="C:\\Program Files\\Microsoft Security Client\\Setup.exe /X" contains unquoted spaces. This command may be called by Windows Update Agent or deployment agents running under the LocalSystem account. Timeline: ~~~~~~~~~ 2012-12-05 vendor informed 2013-12-06 vendor acknowledged report 2013-02-13 vendor released fixed version Stefan Kanthak _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
