Microsoft published an interesting Security Advisory today: KB2974294, describes a denial of service vulnerability in Microsoft’s Malware Protection Engine (MPE). A specifically crafted file can cause the MPE to lock up, requiring manual intervention. The solution is to delete the file and restart the service. MPE is found in a large number of Microsoft security products, including Forefront, Defender, MSRT and Security Essentials. The new fixed code should update itself within the next 48 hours. We are releasing detection "QID 122135 Microsoft Malware Protection Engine Denial of Service Vulnerability" to help monitor your organization’s state as far as this vulnerability is concerned.
Further Microsoft updated the descriptions for this month’s Internet Explorer update MS14-035, documenting an additional CVE (CVE-2014-2782) that is already being addressed by the patch. Also the GDI+ vulnerability in MS14-036 gets a documentation update to clarify its applicability in Office 2010 on Windows Server 2003.
Take a look at the new QID 122135 – it should not be found in your infrastructure or at least move downwards very quickly.