CVE-2021-42298

CWE-94 — Code Injection7 documents6 sources

Severity

7.8HIGH

EPSS

2.3%

top 15.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Malware Protection Engine Microsoft Malware Protection Engine

Timeline

PublishedNov 10

Latest updateMay 24

Description

Microsoft Defender Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/malware_protection_engine< 1.1.18700.3

▶CVEListV5microsoft/microsoft_malware_protection_engine1.1.0.0 — 1.1.18700.3

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-hrr5-6mf9-3wxh: Microsoft Defender Remote Code Execution Vulnerability↗2022-05-24

▶

CVEList

Microsoft Defender Remote Code Execution Vulnerability↗2021-11-10

▶

VulnCheck

Microsoft Malware Protection Engine Improper Control of Generation of Code ('Code Injection')↗2021

▶

📋Vendor Advisories

Microsoft

Microsoft Defender Remote Code Execution Vulnerability↗2021-11-09

▶

🕵️Threat Intelligence

Qualys

Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities | Qualys↗2021-11-11

▶

Qualys

Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities↗2021-11-11

▶