Microsoft Malware Protection Engine < 1.1.13903 RCE

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote host has an antimalware application installed that is
affected by a remote code execution vulnerability.

Description :

The version of Microsoft Malware Protection Engine (MMPE) installed on
the remote Windows host is prior to 1.1.13903.0. It is, therefore,
affected by a remote code execution vulnerability due to improper
handling of files during scanning. An unauthenticated, remote attacker
can exploit this, via a specially crafted file, to execute arbitrary
code in the security context of the LocalSystem account. Note that
only x86 or 32-bit based versions of the MMPE are affected by this
vulnerability.

Nessus has checked if a vulnerable version of MMPE is being used by
any of the following applications :

- Microsoft Forefront Endpoint Protection 2010.

- Microsoft Endpoint Protection.

- Microsoft Forefront Security for SharePoint.

- Microsoft System Center Endpoint Protection.

- Microsoft Security Essentials.

- Windows Defender for Windows 7, Windows 8.1, Windows RT
8.1, Windows 10, Windows 10 1511, Windows 10 1607,
Windows 10 1703, and Windows Server 2016.

- Windows Intune Endpoint Protection.

See also :

http://www.nessus.org/u?cc6c4cd9

Solution :

Enable automatic updates to update the scan engine for the relevant
antimalware applications.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 101027

Bugtraq ID: 99262

CVE ID: CVE-2017-8558
