MS Security Advisory 2846338: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
High Nessus Plugin ID 66425
SynopsisThe remote host has an antimalware application that is affected by a code execution vulnerability.
DescriptionA vulnerable version of Microsoft Malware Protection Engine (MMPE) is installed on the remote host. Scanning a maliciously crafted file can result in arbitrary code execution. This plugin checks if a vulnerable version of MMPE is being used by any of the following applications :
- Microsoft Forefront Client Security
- Microsoft Malicious Software Removal Tool
- Microsoft Security Essentials
- Microsoft Security Essentials Prerelease
- Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
- Windows Defender for Windows 8
- Microsoft Forefront Endpoint Protection 2010
- Microsoft System Center 2012 Endpoint Protection
These applications are only affected if they are using a scan engine less than 1.1.9506.0 on a 64-bit host.
SolutionEnable automatic updates to update the scan engine for the relevant antimalware applications. Refer to KB2510781 for information on how to verify MMPE has been updated.