Summary
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2007-02-13 |
| Product | Windows Defender | Last view | 2023-11-14 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:* | 21 |
| cpe:2.3:a:microsoft:windows_defender:*:*:*:*:*:*:*:* | 8 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2023-11-14 | CVE-2023-36422 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| 7.8 | 2023-08-08 | CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability |
| 7.8 | 2021-02-25 | CVE-2021-24092 | Microsoft Defender Elevation of Privilege Vulnerability |
| 7.8 | 2021-01-12 | CVE-2021-1647 | Microsoft Defender Remote Code Execution Vulnerability |
| 7.1 | 2020-07-14 | CVE-2020-1461 | An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. |
| 7.8 | 2020-06-09 | CVE-2020-1170 | An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163. |
| 7.8 | 2020-06-09 | CVE-2020-1163 | An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1170. |
| 7.1 | 2020-04-15 | CVE-2020-1002 | An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. |
| 7.8 | 2020-04-15 | CVE-2020-0835 | An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'. |
| 7.5 | 2019-09-23 | CVE-2019-1255 | A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. |
| 7.1 | 2019-08-14 | CVE-2019-1161 | An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. |
| 7.8 | 2017-06-29 | CVE-2017-8558 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". |
| 5.5 | 2017-05-26 | CVE-2017-8542 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. |
| 7.8 | 2017-05-26 | CVE-2017-8541 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540. |
| 7.8 | 2017-05-26 | CVE-2017-8540 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. |
| 5.5 | 2017-05-26 | CVE-2017-8539 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. |
| 7.8 | 2017-05-26 | CVE-2017-8538 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. |
| 5.5 | 2017-05-26 | CVE-2017-8537 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. |
| 5.5 | 2017-05-26 | CVE-2017-8536 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. |
| 5.5 | 2017-05-26 | CVE-2017-8535 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. |
| 7.8 | 2017-05-09 | CVE-2017-0290 | The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." |
| 6.9 | 2013-07-09 | CVE-2013-3154 | The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability." |
| 7.2 | 2013-04-09 | CVE-2013-0078 | The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka "Microsoft Antimalware Improper Pathname Vulnerability." |
| 7.2 | 2011-02-25 | CVE-2011-0037 | Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. |
| 5 | 2008-05-13 | CVE-2008-1438 | Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 30% (10) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 15% (5) | CWE-674 | Uncontrolled Recursion |
| 15% (5) | CWE-476 | NULL Pointer Dereference |
| 15% (5) | CWE-369 | Divide By Zero |
| 9% (3) | CWE-20 | Improper Input Validation |
| 6% (2) | CWE-399 | Resource Management Errors |
| 3% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 3% (1) | CWE-269 | Improper Privilege Management |
| 3% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:13981 | Microsoft Malware Protection Engine Vulnerability-I |
| oval:org.mitre.oval:def:14375 | Microsoft Malware Protection Engine Vulnerability-II |
| oval:org.mitre.oval:def:16293 | Elevation of privilege vulnerability in Windows Defender - MS13-034 |
| oval:org.mitre.oval:def:17253 | Microsoft Windows Defender Improper Pathname Vulnerability - MS13-058 |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 71017 | Microsoft Malware Protection Engine (MMPE) Crafted Registry Key Local Privile... |
| 45028 | Microsoft Malware Protection Engine File Parsing Disk-space Exhaustion DoS |
| 45027 | Microsoft Malware Protection Engine File Parsing Service DoS |
| 31888 | Microsoft Malware Protection Engine PDF File Parsing Remote Code Execution |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2013-A-0137 | Microsoft Windows Defender Privilege Escalation Vulnerability Severity: Category II - VMSKEY: V0039210 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2021-02-11 | Microsoft Windows Defender buffer overflow attempt RuleID : 56860 - Type : FILE-EXECUTABLE - Revision : 1 |
| 2021-02-11 | Microsoft Windows Defender buffer overflow attempt RuleID : 56859 - Type : FILE-EXECUTABLE - Revision : 1 |
| 2021-02-11 | Microsoft Windows Defender buffer overflow attempt RuleID : 56858 - Type : FILE-EXECUTABLE - Revision : 1 |
| 2021-02-11 | Microsoft Windows Defender buffer overflow attempt RuleID : 56857 - Type : FILE-EXECUTABLE - Revision : 1 |
| 2020-11-05 | Microsoft Windows Defender privilege escalation attempt RuleID : 55923 - Type : OS-WINDOWS - Revision : 1 |
| 2020-11-05 | Microsoft Windows Defender privilege escalation attempt RuleID : 55922 - Type : OS-WINDOWS - Revision : 1 |
| 2020-09-17 | Microsoft Malware Protection Engine denial-of-service attempt RuleID : 54788 - Type : FILE-EXECUTABLE - Revision : 1 |
| 2020-09-17 | Microsoft Malware Protection Engine denial-of-service attempt RuleID : 54787 - Type : FILE-EXECUTABLE - Revision : 1 |
| 2020-03-10 | Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt RuleID : 53060 - Type : OS-WINDOWS - Revision : 1 |
| 2020-03-10 | Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt RuleID : 53059 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52462 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52461 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52460 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52459 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52458 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52457 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52456 - Type : OS-WINDOWS - Revision : 1 |
| 2020-01-14 | Microsoft Malware Protection Engine type confusion attempt RuleID : 52455 - Type : OS-WINDOWS - Revision : 1 |
| 2017-08-01 | Microsoft Windows MsMpEng custom apicall instruction use detected RuleID : 43381 - Type : OS-WINDOWS - Revision : 2 |
| 2017-08-01 | Microsoft Windows MsMpEng custom apicall instruction use detected RuleID : 43380 - Type : OS-WINDOWS - Revision : 2 |
| 2017-07-04 | Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt RuleID : 43057 - Type : OS-WINDOWS - Revision : 3 |
| 2017-07-04 | Microsoft Windows MsMpEng JavaScript garbage collection use after free attempt RuleID : 43056 - Type : OS-WINDOWS - Revision : 3 |
| 2017-05-09 | Microsoft Malware Protection Engine type confusion attempt RuleID : 42821-community - Type : OS-WINDOWS - Revision : 2 |
| 2017-06-13 | Microsoft Malware Protection Engine type confusion attempt RuleID : 42821 - Type : OS-WINDOWS - Revision : 2 |
| 2017-05-09 | Microsoft Malware Protection Engine type confusion attempt RuleID : 42820-community - Type : OS-WINDOWS - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-23 | Name: The remote host has an antimalware application installed that is affected by ... File: microsoft_mpeng_1_1_13903.nasl - Type: ACT_GATHER_INFO |
| 2017-05-31 | Name: An antimalware application installed on the remote host is affected by multip... File: microsoft_mpeng_1_1_13804.nasl - Type: ACT_GATHER_INFO |
| 2017-05-09 | Name: The remote host has an antimalware application installed that is affected by ... File: smb_kb4022344.nasl - Type: ACT_GATHER_INFO |
| 2013-07-10 | Name: The remote host is affected by a privilege escalation vulnerability. File: smb_nt_ms13-058.nasl - Type: ACT_GATHER_INFO |
| 2013-04-10 | Name: The Microsoft Antimalware Client on the remote host is affected by a privileg... File: smb_nt_ms13-034.nasl - Type: ACT_GATHER_INFO |
| 2011-02-25 | Name: The remote host has an application that is affected by a local privilege esca... File: smb_kb2491888.nasl - Type: ACT_GATHER_INFO |
| 2008-05-13 | Name: It is possible to crash the antimalware program. File: smb_nt_ms08-029.nasl - Type: ACT_GATHER_INFO |
| 2007-02-13 | Name: Arbitrary code can be executed on the remote host through the AntiMalware pro... File: smb_nt_ms07-010.nasl - Type: ACT_GATHER_INFO |
