KLA11029
Multiple vulnerabilities in the Microsoft Malware Protection Engine

Multiple serious vulnerabilities have been found in Microsoft Malware Protection Engine. Malicious users can exploit these vulnerabilities to cause a denial of service and execute arbitrary code.

Below is a complete list of vulnerabilities:

1. Multiple vulnerabilities related to an improper scanning leading to scan timeout can be exploited remotely via a specially designed file to cause a denial of service;
2. Multiple vulnerabilities related to an improper scanning leading to memory corruption can be exploited remotely via a specially designed file to execute arbitrary code.

Technical details

To exploit all vulnerabilities, an attacker has to put a specially designed file to a directory scanned by the Microsoft Malware Protection Engine. It can be done via a website when it is being viewed by a user, via email message or an Instant Messenger message or a shared location.

Microsoft Windows 7  Service Pack 1
Microsoft Windows 8.1
Microsoft Windows RT 8.1
Microsoft Windows 10 
Microsoft Windows Server 2008 Service Pack 2 
Microsoft Windows Server 2008 R2 Service Pack 1 
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016

Enterprise administrators or end users do not have to take any actions to install updates for Microsoft Malware Protection Engine because the update will be detected and applied automatically within 48 hours of release.

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42092

https://www.exploit-db.com/exploits/42088

https://www.exploit-db.com/exploits/42081

https://www.exploit-db.com/exploits/42081

https://www.exploit-db.com/exploits/42081

https://www.exploit-db.com/exploits/42081

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.