MS Security Advisory 4022344: Security Update for Microsoft Malware Protection Engine

high Nessus Plugin ID 100051


The remote host has an antimalware application installed that is affected by a remote code execution vulnerability.


The version of Microsoft Malware Protection Engine (MMPE) installed on the remote Windows host is prior to 1.1.13704.0. It is, therefore, affected by a remote code execution vulnerability in the NScript component in mpengine.dll due to a type confusion error. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code in the security context of the LocalSystem account.

Nessus has checked if a vulnerable version of MMPE is being used by any of the following applications :

- Microsoft Forefront Endpoint Protection 2010
- Microsoft Endpoint Protection
- Microsoft Forefront Security for SharePoint
- Microsoft System Center Endpoint Protection
- Microsoft Security Essentials
- Windows Defender for Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, and Windows Server 2016
- Windows Intune Endpoint Protection


Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB4022344 for information on how to verify MMPE has been updated.

See Also

Plugin Details

Severity: High

ID: 100051

File Name: smb_kb4022344.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 5/9/2017

Updated: 11/13/2019

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: High

Score: 8.9


Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2017-0290


Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:malware_protection_engine

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/9/2017

Vulnerability Publication Date: 5/9/2017

Reference Information

CVE: CVE-2017-0290

BID: 98330

MSKB: 4022344