Multiple vulnerabilities in Microsoft Malware Protection Engine

Published: 2017-05-30 09:56:08 | Updated: 2017-05-30 09:57:21
Severity: High
Patch available: YES
Number of vulnerabilities: 8
CVE ID:
  CVE-2017-8535
  CVE-2017-8536
  CVE-2017-8537
  CVE-2017-8538
  CVE-2017-8539
  CVE-2017-8540
  CVE-2017-8541
  CVE-2017-8542
CVSSv3:
  6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
  6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
  6.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
  9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
  6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
  9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
  9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
  6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID:
  CWE-20
  CWE-119
Exploitation vector: Network
Public exploit:
  Public exploit code for vulnerability #1 is available.
  Public exploit code for vulnerability #2 is available.
  Public exploit code for vulnerability #3 is available.
  Public exploit code for vulnerability #4 is available.
  Public exploit code for vulnerability #6 is available.
  Public exploit code for vulnerability #7 is available.
Vulnerable software:
  Microsoft Malware Protection Engine
  Windows Defender
  Microsoft Security Essentials
  Microsoft Forefront Endpoint Protection
  Microsoft Endpoint Protection
  Microsoft Exchange Server
  Windows Intune Endpoint Protection
Vulnerable software versions:
  Microsoft Malware Protection Engine 1.1.13704.0
  Windows Defender on Windows 7 for 32-bit Systems Service Pack 1
  Windows Defender for Windows 8.1
  Windows Defender for Windows RT 8.1
  Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
  Microsoft Security Essentials -
  Microsoft Forefront Endpoint Protection 2010
  Microsoft Endpoint Protection -
  Microsoft Exchange Server 2013
  Microsoft Exchange Server 2016
  Windows Intune Endpoint Protection -
Vendor URL: Microsoft

Security Advisory

1) Improper input validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.

Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535

2) Improper input validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.

Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536

3) Improper input validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.

Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537

4) Memory corruption

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8538

5) Improper input validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.

Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8539

6) Memory corruption

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540

7) Memory corruption

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise a vulnerable system.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541

8) Improper input validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing specially crafted files within Microsoft Malware Protection Engine (mpengine.dll). A remote attacker can create a specially crafted file, pass it to the affected application and trigger a scan timeout.

Successful exploitation of the vulnerability may allow an attacker to disable anti-malware protection on the system until the affected service is restarted.

Remediation

Update Microsoft Malware Protection Engine (mpengine.dll) to version 1.1.13804.0.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542
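
All eight entries above share the same remediation: engine version 1.1.13804.0. The following is an added example, not part of the original advisory, that checks an inventory export of engine versions against that fixed version. The host names, CSV column names and sample rows are constructed, and treating every engine older than the fixed version as needing the update is an assumption.

```python
import csv
import io

FIXED = (1, 1, 13804, 0)  # fixed mpengine.dll version named in the advisory

# Constructed inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,engine_version
ws-001,Windows Defender,1.1.13704.0
ws-002,Windows Defender,1.1.13804.0
ex-001,Microsoft Exchange Server 2016,1.1.9901.0
ws-003,Microsoft Security Essentials,
ws-004,Windows Defender,1.1.14003.0
ws-005,Windows Defender,1.1.13804
"""


def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """'patched', 'needs_update', or 'unknown' (missing or unparseable)."""
    version = parse_version(version_text or "")
    if version is None:
        return "unknown"  # no evidence either way: follow up on the host
    # Tuple comparison is numeric per field; a string comparison would
    # wrongly rank "1.1.9901.0" above "1.1.13804.0".
    # Assumption: any engine older than FIXED needs the update.
    return "patched" if version >= FIXED else "needs_update"


def audit(inventory_csv):
    """Map each status to the list of hosts reporting it."""
    report = {"patched": [], "needs_update": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row.get("engine_version"))].append(row["host"])
    return report


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked directly rather than assumed patched.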
