Remote Code Execution Vulnerability in Microsoft Malware Protection Engine
CVE-2017-0290
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 9 May 2017
Badges
What is CVE-2017-0290?
The Microsoft Malware Protection Engine, utilized by Microsoft Defender and Forefront, has a flaw that fails to effectively scan specially crafted files. This can result in memory corruption, allowing attackers to execute arbitrary code on affected systems. The vulnerability impacts various versions of Windows, posing a significant risk to users and organizations reliant on these products for security.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Microsoft Malware Protection Engine Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
87% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Vulnerability Reserved