CVE-2023-38175

FAQ

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker would be able to delete targeted files on a system.

1. Why is no action required to install this update?

In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.

Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.

2. How often are the malware definitions updated?

Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.

Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.

3. What is the MpSigStub.exe?

MpSigStub.exe is a component that’s responsible for installing definition updates.

4. Does this update contain any additional security-related changes to functionality?

Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.

5. Where can I find more information about Microsoft antimalware technology?

For more information, visit the Microsoft Malware Protection Center website.

6. The definitions are not updating on my system. What do I do?

This security update is delivered only through definition updates. This cannot happen if Defender is in a disabled state (such as in the case of a third-party antivirus product providing real time protection). If Defender is disabled, you can delete the vulnerable file from the system: C:\WINDOWS\System32\MpSigStub.exe.

If Defender is re-enabled at a later time, MpSigStub.exe will be replaced only when updating signatures via Microsoft Update or WSUS. MpSigStub.exe will not be replaced via the standalone Mpam-fe.exe install through MMPC, or via UNC Path installs.

Suggested Actions

Verify that the update is installed

Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.

For more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

If necessary, install the update

Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.

For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

End users that do not wish to wait can manually update their antimalware software.

For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781.