Microsoft Malware Protection Engine < 1.1.13903 RCE
Critical Nessus Plugin ID 101027
Synopsis
The remote host has an antimalware application installed that is affected by a remote code execution vulnerability.
Description
The version of Microsoft Malware Protection Engine (MMPE) installed on the remote Windows host is prior to 1.1.13903.0. It is, therefore, affected by a remote code execution vulnerability due to improper handling of files during scanning. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code in the security context of the LocalSystem account. Note that only x86 or 32-bit based versions of the MMPE are affected by this vulnerability.
Nessus has checked if a vulnerable version of MMPE is being used by any of the following applications:
- Microsoft Forefront Endpoint Protection 2010.
- Microsoft Endpoint Protection.
- Microsoft Forefront Security for SharePoint.
- Microsoft System Center Endpoint Protection.
- Microsoft Security Essentials.
- Windows Defender for Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, and Windows Server 2016.
- Windows Intune Endpoint Protection.
Solution
Enable automatic updates to update the scan engine for the relevant antimalware applications.