8 RCE, DoS holes in Microsoft Malware Protection Engine plugged

After the discovery and the fixing of a “crazy bad” remote code execution flaw in the Microsoft Malware Protection Engine earlier this month, now comes another MMPE security update that plugs eight flaws that could lead to either remote code execution or to denial of service.

Given that the Microsoft Malware Protection Engine powers a number of Microsoft antimalware software, DoS vulnerabilities should be considered serious, since a successfully exploited vulnerability could prevent the MMPE from monitoring affected systems until the service is restarted.

Microsoft Malware Protection Engine flaws

All these vulnerabilities – CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539, CVE-2017-8540, CVE-2017-8541, CVE-2017-8542 – have been flagged by Google Project Zero researcher Mateusz Jurczyk, and were discovered through fuzzing.

No specific details were offered about them, except that they can be triggered by a specially crafted file that has to be scanned by an affected version of the MMPE in order for the exploit to work.

Such a file could be offered for download on a website, or delivered via email or instant message. “In addition, an attacker could take advantage of websites that accept or host user-provided content, to upload a specially crafted file to a shared location that is scanned by the Malware Protection Engine running on the hosting server,” Microsoft noted.

The security issues have been fixed in version 1.1.13804.0 of the Microsoft Malware Protection Engine.

The newest version of the engine is usually automatically downloaded and implemented by the security software that uses it.

Still, users who would like to verify whether the latest version of the MMPE and definition updates are being actively downloaded and installed for their Microsoft antimalware products can do so by clicking on the software’s Help tab, then choosing the “About [that specific software]” option.