SecurityTracker.com

Category:   Application (Security)  >   Microsoft Forefront Protection
Vendors:   Microsoft
(Microsoft Issues Fix for Microsoft Forefront Endpoint Protection) Microsoft Malware Protection Engine File Processing Flaws Let Remote Users Deny Service and Execute Arbitrary Code
SecurityTracker Alert ID:  1038574
SecurityTracker URL:  http://securitytracker.com/id/1038574
CVE Reference:   CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
Date:  May 26 2017
Impact:   Denial of service via local system, Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Microsoft Malware Protection Engine. A remote user can cause arbitrary code to be executed on the target system. A local user can cause denial of service conditions on the target system. Microsoft Forefront Endpoint Protection is affected.

A remote user can create a specially crafted file that, when scanned by the target Microsoft Malware Protection Engine, will execute arbitrary code on the target system [CVE-2017-8538, CVE-2017-8540, CVE-2017-8541]. The code will run with LocalSystem privileges.

A remote user can create a specially crafted file that, when scanned by the target Microsoft Malware Protection Engine, will cause a scan timeout on the target system [CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, CVE-2017-8542]. As a result, the Microsoft Malware Protection Engine service will not monitor the target system until the service is restarted.

Mateusz Jurczyk of Google Project Zero reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code with LocalSystem privileges on the target system.

A local user can prevent the target Microsoft Malware Protection Engine from monitoring the target system. A service restart is required to return the system to normal operations.

Solution:   Microsoft has issued a fix for Microsoft Forefront Endpoint Protection (Microsoft Malware Protection Engine 1.1.13804.0).

The Microsoft advisories are available at:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8538
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8539
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542

Vendor URL:  portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
May 26 2017 Microsoft Malware Protection Engine File Processing Flaws Let Remote Users Deny Service and Execute Arbitrary Code

Copyright 2020, SecurityGlobal.net LLC