Staying alert! Microsoft Malware Protection Engine design limitation CVE-2018-0986

Microsoft released a security update on 3rd April 2018:

https://portal.msrc.microsoft.com/en-US/security-guidance

Technical details: Explanation

1. Microsoft Malware Protection Engine runs as NT AUTHORITY\SYSTEM without sandboxing, and is remotely accessible without authentication via various Windows services, including Exchange, IIS, … etc.

2. NScript is the component of Microsoft Malware Protection Engine that evaluates any filesystem or network activity that looks like JavaScript.

3. The attacker can invoke object vtable to pass arbitrary to other objects.

Remark: When an object is created, a pointer to its vtable, called the virtual table pointer, vpointer or VPTR, is added as a hidden member of the object.
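
The remark above, shown as an added C++ example (not code from the original post or from Microsoft's engine): it measures the hidden member and reads it back from live objects. The class names and helper functions are hypothetical, and `vptr_of` assumes the ABI places the VPTR in the first pointer-sized slot of the object.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical classes for illustration; the names are not from the engine.
struct Plain {                       // no virtual functions, so no VPTR
    std::uintptr_t value = 0;
};

struct Base {                        // same visible member plus a virtual function
    std::uintptr_t value = 0;
    virtual ~Base() = default;
    virtual const char* name() const { return "Base"; }
};

struct Derived : Base {
    const char* name() const override { return "Derived"; }
};

// Read the hidden VPTR. Assumption: the ABI keeps it in the first
// pointer-sized slot of the object (Itanium C++ ABI, MSVC single inheritance).
std::uintptr_t vptr_of(const Base& obj) {
    std::uintptr_t p = 0;
    std::memcpy(&p, static_cast<const void*>(&obj), sizeof p);
    return p;
}

// Extra bytes the compiler added to the object for the hidden member.
std::size_t hidden_member_size() { return sizeof(Base) - sizeof(Plain); }

// Two objects of one class point at the same vtable.
bool same_class_shares_vptr() { Base a, b; return vptr_of(a) == vptr_of(b); }

// A derived class gets its own vtable, so its objects carry a different VPTR.
bool derived_has_own_vptr() { Base b; Derived d; return vptr_of(b) != vptr_of(d); }

// A virtual call goes through the object's VPTR, not the reference's static type.
const char* dispatch(const Base& obj) { return obj.name(); }

int main() {
    Derived d;
    std::printf("hidden member: %zu bytes\n", hidden_member_size());
    std::printf("same class shares VPTR: %d\n", same_class_shares_vptr());
    std::printf("derived has own VPTR: %d\n", derived_has_own_vptr());
    std::printf("call through Base&: %s\n", dispatch(d));
    return 0;
}
```

Because the VPTR is stored inside the object itself, the integrity of every virtual call depends on the integrity and correct type of that object's memory.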