Microsoft Malware Protection Engine Denial of Service Vulnerability


Systems Affected

Microsoft Malware Protection Engine prior to version 1.1.10701.0 running on the following Microsoft products:

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft Malicious Software Removal Tool
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection Service Pack 1
Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
Windows Defender for Windows RT and Windows RT 8.1
Windows Defender for Windows XP, Windows Server 2003,
Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2
Windows Defender Offline
Windows Intune Endpoint Protection

Threat Level



A vulnerability has been reported in Microsoft Malware Protection Engine which could allow a remote attacker to cause the affected system to become unresponsive.


A vulnerability exists in Microsoft Malware Protection Engine due to improper scanning of specially crafted files. A remote attacker could exploit this vulnerability by enticing the user to visit a malicious website or convince the user to view an email containing a crafted file. Viewing the malicious website or crafted file could lead to a scan timeout during scanning by the affected software.

Successful exploitation of the vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed leading to denial of service conditions.


Solution/ Workarounds

  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.



The information provided herein is on "as is" basis, without warranty of any kind.


© Copyright Sri Lanka CERT|CC. All Rights Reserved.