The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft System Center Endpoint Protection

vulnerability bulletin CVE-2017-11937 CVE-2017-11940

Microsoft Malware Protection Engine: code execution

Synthesis of the vulnerability

An attacker can exploit a vulnerability in Microsoft Malware Protection Engine to run code.
Impacted products: Exchange, Forefront Endpoint Protection, System Center Endpoint Protection, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/12/2017.
Revision date: 08/12/2017.
Identifiers: CERTFR-2017-AVI-456, CVE-2017-11937, CVE-2017-11940, VIGILANCE-VUL-24683.

Description of the vulnerability

An attacker can exploit a vulnerability in Microsoft Malware Protection Engine to run code.

vulnerability bulletin CVE-2017-8558

Microsoft Malware Protection Engine: privilege escalation via VFS API

Synthesis of the vulnerability

An attacker can create a malicious document that corrupts the memory of Microsoft Malware Protection Engine, in order to gain LocalSystem privileges.
Impacted products: Forefront Endpoint Protection, System Center Endpoint Protection, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 26/06/2017.
Identifiers: CERTFR-2017-AVI-194, CVE-2017-8558, VIGILANCE-VUL-23083.

Description of the vulnerability

An attacker can create a malicious document that corrupts the memory of Microsoft Malware Protection Engine, in order to gain LocalSystem privileges.

computer vulnerability CVE-2017-0290

Microsoft Malware Protection Engine: code execution

Synthesis of the vulnerability

An attacker can send a malicious document or invite the victim to read a malicious document, in order to run code during the analysis by Microsoft Malware Protection Engine.
Impacted products: Forefront Endpoint Protection, Forefront Security for Exchange Server, System Center Endpoint Protection, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 09/05/2017.
Revision date: 09/05/2017.
Identifiers: 1252, 4022344, CERTFR-2017-ALE-009, CERTFR-2017-AVI-151, CVE-2017-0290, VIGILANCE-VUL-22655.

Description of the vulnerability

The Microsoft Malware Protection Engine product analyzes files, searching for malware. It is used in several Microsoft security products (Windows Defender, Microsoft Security Essentials, etc.).

However, when a malicious file is analyzed, code runs with LocalSystem privileges in mpengine.dll.

An attacker can therefore send a malicious document or invite the victim to read a malicious document, in order to run code during the analysis by Microsoft Malware Protection Engine.