Microsoft Malware Protection Engine < 1.1.13903 RCE

high Nessus Plugin ID 101027


The remote host has an antimalware application installed that is affected by a remote code execution vulnerability.


The version of Microsoft Malware Protection Engine (MMPE) installed on the remote Windows host is prior to 1.1.13903.0. It is, therefore, affected by a remote code execution vulnerability due to improper handling of files during scanning. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to execute arbitrary code in the security context of the LocalSystem account. Note that only x86 or 32-bit based versions of the MMPE are affected by this vulnerability.

Nessus has checked if a vulnerable version of MMPE is being used by any of the following applications :

- Microsoft Forefront Endpoint Protection 2010.

- Microsoft Endpoint Protection.

- Microsoft Forefront Security for SharePoint.

- Microsoft System Center Endpoint Protection.

- Microsoft Security Essentials.

- Windows Defender for Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, and Windows Server 2016.

- Windows Intune Endpoint Protection.


Enable automatic updates to update the scan engine for the relevant antimalware applications.

See Also

Plugin Details

Severity: High

ID: 101027

File Name: microsoft_mpeng_1_1_13903.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 6/23/2017

Updated: 11/13/2019

Supported Sensors: Nessus Agent

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C

CVSS Score Source: CVE-2017-8558


Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:malware_protection_engine

Required KB Items: SMB/Registry/Enumerated, SMB/ARCH

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/23/2017

Vulnerability Publication Date: 6/23/2017

Reference Information

CVE: CVE-2017-8558

BID: 99262