Staying alert! Microsoft Malware Protection Engine design limitation
Microsoft Releases Security Update 3rd April 2018:
Technical details: Explanation
1. Microsoft Malware Protection Engine runs as NT AUTHORITY\SYSTEM without sandboxing, and is remotely accessible without authentication via various Windows services, including Exchange, IIS, … etc.
3. The attacker can invoke object vtable to pass arbitrary to other objects.
Remark: When an object is created, a pointer to its class's virtual table (vtable), called the virtual table pointer, vpointer or VPTR, is added as a hidden member of the object.
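
The hidden member described in the remark can be observed directly. The following is an added example, not code from the original page or from Microsoft: it uses constructed classes (`Plain`, `Scanner`, `ArchiveScanner`) and hypothetical helpers to show the extra pointer-sized member and to check that an object still carries the VPTR expected for its type. It assumes the VPTR occupies the first pointer-sized word of the object, which holds for single inheritance under the Itanium and MSVC C++ ABIs.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed sample types for illustration; not Malware Protection Engine code.
struct Plain {                       // no virtual functions: no hidden member
    std::uintptr_t value = 0;
};

struct Scanner {                     // polymorphic: compiler adds a hidden VPTR
    std::uintptr_t value = 0;
    virtual ~Scanner() = default;
    virtual int scan() const { return 1; }
};

struct ArchiveScanner : Scanner {    // own vtable, so a different VPTR value
    int scan() const override { return 2; }
};

// Assumption: the VPTR is the first pointer-sized word of the object, which
// holds for single inheritance under the Itanium and MSVC C++ ABIs.
template <class T>
std::uintptr_t read_vptr(const T& obj) {
    std::uintptr_t vptr;
    std::memcpy(&vptr, static_cast<const void*>(&obj), sizeof vptr);
    return vptr;
}

// Bytes the hidden member adds compared with the same data without virtuals.
constexpr std::size_t hidden_member_size() {
    return sizeof(Scanner) - sizeof(Plain);
}

// Integrity check: does obj still carry the VPTR a freshly constructed T has?
// False means the dynamic type is not exactly T, or the VPTR was overwritten.
template <class T>
bool has_expected_vptr(const T& obj) {
    const T reference{};
    return read_vptr(obj) == read_vptr(reference);
}

int main() {
    Scanner a, b;
    ArchiveScanner c;
    std::printf("hidden member: %zu bytes\n", hidden_member_size());
    std::printf("a/b share vptr: %d\n", read_vptr(a) == read_vptr(b));
    std::printf("a intact: %d, c viewed as Scanner: %d\n",
                has_expected_vptr(a), has_expected_vptr<Scanner>(c));
    return 0;
}
```

Because every virtual call is dispatched through this one pointer, a VPTR that no longer matches the expected vtable is the condition that vtable-integrity checks look for before the call is made.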