KLA11029 Multiple vulnerabilities in the Microsoft Malware Protection Engine

Published: 2017-05-09 00:00:00
Author: Kaspersky Lab
Source: threats.kaspersky.com

CVSS2: 9.3

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 7.8

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.2 (Confidence: High)

EPSS: 0.946 (Percentile: 99.3%)

Multiple serious vulnerabilities have been found in Microsoft Malware Protection Engine. Malicious users can exploit these vulnerabilities to cause a denial of service and execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Multiple vulnerabilities related to improper scanning that leads to a scan timeout can be exploited remotely via a specially crafted file to cause a denial of service;
  2. Multiple vulnerabilities related to improper scanning that leads to memory corruption can be exploited remotely via a specially crafted file to execute arbitrary code.

Technical details

To exploit all of these vulnerabilities, an attacker has to place a specially crafted file in a directory scanned by the Microsoft Malware Protection Engine. This can be done via a website while a user is viewing it, via an email message or an Instant Messenger message, or via a shared location.

Original advisories

CVE-2017-8540

CVE-2017-8539

CVE-2017-8538

CVE-2017-8542

CVE-2017-8535

CVE-2017-8541

CVE-2017-8537

CVE-2017-8536

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Such malware is usually classified as Exploit.

Related products

Microsoft-Windows-7

Microsoft-Windows-Server-2008

Windows-RT

Microsoft-Exchange-Server

Microsoft-Windows-10

CVE list

CVE-2017-8542 high

CVE-2017-8541 critical

CVE-2017-8540 critical

CVE-2017-8539 high

CVE-2017-8538 critical

CVE-2017-8537 high

CVE-2017-8536 high

CVE-2017-8535 high

KB list

Solution

Enterprise administrators and end users do not have to take any action to install updates for the Microsoft Malware Protection Engine, because the update will be detected and applied automatically within 48 hours of release.

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • DoS: Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

Affected Products

  • Microsoft Windows 7 Service Pack 1
  • Microsoft Windows 8.1
  • Microsoft Windows RT 8.1
  • Microsoft Windows 10
  • Microsoft Windows Server 2008 Service Pack 2
  • Microsoft Windows Server 2008 R2 Service Pack 1
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
