Microsoft Malware Protection Engine < 1.1.13804 Multiple Vulnerabilities

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

An antimalware application installed on the remote host is affected by
multiple vulnerabilities.

Description :

The version of Microsoft Malware Protection Engine (MMPE) installed on
the remote Windows host is prior to 1.1.13804.0. It is, therefore,
affected by multiple vulnerabilities :

- Multiple denial of service vulnerabilities exist due to
improper scanning of specially crafted files. An
unauthenticated, remote attacker can exploit these, by
convincing a user to download or open a malicious file,
to cause the monitoring service to stop. (CVE-2017-8535,
CVE-2017-8536, CVE-2017-8537, CVE-2017-8539,
CVE-2017-8542)

- Multiple memory corruption issues exist due to improper
validation of input when scanning specially crafted
files. An unauthenticated, remote attacker can exploit
these, by convincing a user to download or open a
malicious file, to cause a denial of service condition
or the possible execution of arbitrary code.
(CVE-2017-8538, CVE-2017-8541)

- A use-after-free error exists in the garbage collection
system used for managing JavaScript objects when
scanning specially crafted files. An unauthenticated,
remote attacker can exploit this, by convincing a user
to download or open a malicious file, to dereference
already freed memory and potentially execute arbitrary
code. (CVE-2017-8540)

- A flaw exists in the x86 emulator implementation for the
Win32 API due to improper restrictions on access to
certain NTDLL routines. An unauthenticated, remote
attacker can exploit this, by convincing a user to
download or open a malicious file, to execute arbitrary
code with SYSTEM privileges. (VulnDB 158110)

Note that Nessus has checked if a vulnerable version of MMPE is being
used by any of the following applications :

- Microsoft Forefront Endpoint Protection 2010

- Microsoft Endpoint Protection

- Microsoft Forefront Security for SharePoint

- Microsoft System Center Endpoint Protection

- Microsoft Security Essentials

- Windows Defender for Windows 7, Windows 8.1, Windows RT
8.1, Windows 10, Windows 10 1511, Windows 10 1607,
Windows 10 1703, and Windows Server 2016

- Windows Intune Endpoint Protection

See also :

http://www.nessus.org/u?f8fbaf43
http://www.nessus.org/u?11f499cd
http://www.nessus.org/u?e396b434
http://www.nessus.org/u?488a2d94
http://www.nessus.org/u?8c519ccb
http://www.nessus.org/u?e672c25a
http://www.nessus.org/u?bffe5e2f
http://www.nessus.org/u?b798c511
http://www.nessus.org/u?34db9ea8
https://bugs.chromium.org/p/project-zero/issues/detail?id=1260

Solution :

Enable automatic updates to update the scan engine for the relevant
antimalware applications. Refer to Knowledge Base Article 2510781 for
information on how to verify that MMPE has been updated.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true
