MS Security Advisory 4022344: Security Update for Microsoft Malware Protection Engine

high Nessus Plugin ID 100051


The remote host has an antimalware application installed that is affected by a remote code execution vulnerability.


The version of Microsoft Malware Protection Engine (MMPE) installed on the remote Windows host is prior to 1.1.13704.0. It is, therefore, affected by a remote code execution vulnerability in the NScript component in mpengine.dll due to a type confusion error. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code in the security context of the LocalSystem account.

Nessus has checked if a vulnerable version of MMPE is being used by any of the following applications:

- Microsoft Forefront Endpoint Protection 2010
- Microsoft Endpoint Protection
- Microsoft Forefront Security for SharePoint
- Microsoft System Center Endpoint Protection
- Microsoft Security Essentials
- Windows Defender for Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, and Windows Server 2016
- Windows Intune Endpoint Protection


Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB4022344 for information on how to verify MMPE has been updated.

Plugin Details

Severity: High

ID: 100051

File Name: smb_kb4022344.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 5/9/2017

Updated: 11/13/2019

Dependencies: smb_hotfixes.nasl, fcs_installed.nasl

Risk Information

CVSS Score Source: CVE-2017-0290


Risk Factor: Critical

Score: 9


CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C


CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:malware_protection_engine

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2017

Vulnerability Publication Date: 5/9/2017

Reference Information

CVE: CVE-2017-0290

BID: 98330

MSKB: 4022344