CVE-2017-11937: Microsoft Malware Protection Engine Remote Code Execution Vulnerability


The Microsoft Malware Protection Engine, running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and 1709; Windows Server 2016; Windows Server, version 1709; and Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to remote code execution.

The vulnerability is in the Malware Protection Engine itself: a specially crafted file can take control of the computer and execute arbitrary code. To exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine.

There are many ways that an attacker could place a specially crafted file in a location that is scanned by the Microsoft Malware Protection Engine. For example, an attacker could use a website to deliver a specially crafted file to the victim’s system, and it would be scanned when the website is viewed by the user.

Solutions:

Microsoft has resolved the issue by providing an update for the vulnerability: msft-update-malware-protection-engine-1-1-14405-2.
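
To confirm that the update reached a host, compare the engine version the host reports with the fixed build. The PowerShell below is an added example, not part of the original advisory: the fixed version 1.1.14405.2 is read from the update identifier above, and the function names and the registry fallback path for hosts without the Defender module are assumptions.

```powershell
# Added example: report whether the local Malware Protection Engine is at or
# above the fixed build. Assumption: 1.1.14405.2 is taken from the update
# identifier msft-update-malware-protection-engine-1-1-14405-2.
$FixedEngine = [version]'1.1.14405.2'

function Test-MpEngineFixed {
    param([Parameter(Mandatory = $true)][string]$EngineVersion)
    # Compare as [version], not as strings: '1.1.9999.0' sorts after
    # '1.1.14405.2' lexically but is an older build numerically.
    try {
        $parsed = [version]$EngineVersion
    } catch {
        throw "Unparseable engine version: '$EngineVersion'"
    }
    return ($parsed -ge $FixedEngine)
}

function Get-LocalMpEngineVersion {
    # Hosts that ship the Defender PowerShell module expose the engine version here.
    if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
        return (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
    }
    # Fallback for older hosts without the module (assumed registry location).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates'
    return (Get-ItemProperty -Path $key -ErrorAction Stop).EngineVersion
}

$engine = Get-LocalMpEngineVersion
New-Object PSObject -Property @{
    ComputerName  = $env:COMPUTERNAME
    EngineVersion = $engine
    FixedIn       = $FixedEngine.ToString()
    Patched       = (Test-MpEngineFixed -EngineVersion $engine)
}
```

A host that reports `Patched = False` has not yet received the engine update and still scans files with an affected engine.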