MS Security Advisory 4022344: Security Update for Microsoft Malware Protection Engine
Critical Nessus Plugin ID 100051
Synopsis
The remote host has an antimalware application installed that is affected by a remote code execution vulnerability.
Description
The version of Microsoft Malware Protection Engine (MMPE) installed on the remote Windows host is prior to 1.1.13704.0. It is, therefore, affected by a remote code execution vulnerability in the NScript component in mpengine.dll due to a type confusion error. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code in the security context of the LocalSystem account.
Nessus has checked if a vulnerable version of MMPE is being used by any of the following applications:
- Microsoft Forefront Endpoint Protection 2010
- Microsoft Endpoint Protection
- Microsoft Forefront Security for SharePoint
- Microsoft System Center Endpoint Protection
- Microsoft Security Essentials
- Windows Defender for Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, and Windows Server 2016
- Windows Intune Endpoint Protection
Solution
Enable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB4022344 for information on how to verify MMPE has been updated.
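One way to check reported engine versions against the fixed version named above. This is an added example, not code from Nessus or Microsoft; the function name, host names and sample versions are constructed for illustration. It assumes the Defender PowerShell module is available for the local check, and `Get-MpComputerStatus` covers Windows Defender only, not the other listed products.

```powershell
# First fixed engine version, taken from the advisory text above.
$FixedVersion = [version]'1.1.13704.0'

function Test-MmpeEngineVersion {
    # Hypothetical helper: returns 'Patched', 'Vulnerable' or 'Unknown'
    # for a reported engine version string.
    param([string]$EngineVersion)

    $parsed = $null
    # Compare as [version], not as strings: as text, '1.1.9999.0' sorts
    # above '1.1.13704.0' and an old engine would be reported as patched.
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return 'Unknown'      # empty or malformed value: needs manual review
    }
    if ($parsed -lt $FixedVersion) { return 'Vulnerable' }
    return 'Patched'
}

# Constructed sample inventory (host names and versions are made up).
$inventory = @(
    [pscustomobject]@{ Host = 'ws-001'; EngineVersion = '1.1.13701.0' }
    [pscustomobject]@{ Host = 'ws-002'; EngineVersion = '1.1.13704.0' }
    [pscustomobject]@{ Host = 'ws-003'; EngineVersion = '1.1.9999.0'  }
    [pscustomobject]@{ Host = 'ws-004'; EngineVersion = ''            }
)

$inventory | Select-Object Host, EngineVersion, @{
    Name       = 'Status'
    Expression = { Test-MmpeEngineVersion $_.EngineVersion }
}

# Local host check, only where the Defender cmdlet exists.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $local = (Get-MpComputerStatus).AMEngineVersion
    '{0}: engine {1} is {2}' -f $env:COMPUTERNAME, $local,
        (Test-MmpeEngineVersion $local)
}
```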