MS Security Advisory 2974294: Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote host has an antimalware application that is affected by a
denial of service vulnerability.

Description :

A vulnerable version of Microsoft Malware Protection Engine (MMPE) is
installed on the remote host. Scanning a maliciously crafted file
could prevent the Malware Protection Engine from monitoring affected
systems until the file is manually removed and the service is
restarted. This plugin checks if a vulnerable version of MMPE is being
used by any of the following applications :

- Microsoft Forefront Client Security
- Microsoft Forefront Endpoint Protection 2010
- Microsoft System Center 2012 Endpoint Protection
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows 8, Windows 8.1, Windows
Server 2012 and Windows Server 2012 R2
- Windows Defender for Windows XP, Windows Server 2003,
Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2

These applications are only affected if they are using a scan engine
prior to 1.1.10701.0.

See also :

https://technet.microsoft.com/library/security/2974294

Solution :

Enable automatic updates to update the scan engine for the relevant
antimalware applications. Refer to KB2510781 for information on how to
verify MMPE has been updated.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 76123 ()

Bugtraq ID: 68076

CVE ID: CVE-2014-2779

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now