Дата обнаружения
|
09/05/2017 |
Уровень угрозы
|
Critical |
Описание
|
Multiple serious vulnerabilities have been found in Microsoft Malware Protection Engine. Malicious users can exploit these vulnerabilities to cause a denial of service and execute arbitrary code. Below is a complete list of vulnerabilities:
Technical details To exploit all vulnerabilities, an attacker has to put a specially designed file to a directory scanned by the Microsoft Malware Protection Engine. It can be done via a website when it is being viewed by a user, via email message or an Instant Messenger message or a shared location. |
Пораженные продукты
|
Microsoft Windows 7 Service Pack 1 |
Решение
|
Enterprise administrators or end users do not have to take any actions to install updates for Microsoft Malware Protection Engine because the update will be detected and applied automatically within 48 hours of release. |
Первичный источник обнаружения
|
CVE-2017-8540 CVE-2017-8539 CVE-2017-8538 CVE-2017-8542 CVE-2017-8535 CVE-2017-8541 CVE-2017-8537 CVE-2017-8536 CVE-2017-8542 CVE-2017-8541 CVE-2017-8540 CVE-2017-8539 CVE-2017-8538 CVE-2017-8537 CVE-2017-8536 CVE-2017-8535 |
Оказываемое влияние
?
|
ACE
[?]
DoS
[?]
|
Связанные продукты
|
Microsoft Windows 7 Microsoft Windows Server 2008 Windows RT Microsoft Exchange Server Microsoft Windows 10 |
CVE-IDS
|
CVE-2017-85420.0Unknown
CVE-2017-85419.3Critical CVE-2017-85409.3Critical CVE-2017-85394.3Warning CVE-2017-85389.3Critical CVE-2017-85374.3Warning CVE-2017-85364.3Warning CVE-2017-85354.3Warning |
Microsoft official advisories
|
Microsoft Security Update Guide |
Эксплуатация
|
The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/42092 https://www.exploit-db.com/exploits/42088 https://www.exploit-db.com/exploits/42081 https://www.exploit-db.com/exploits/42081 https://www.exploit-db.com/exploits/42081 https://www.exploit-db.com/exploits/42081 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. |