Microsoft Malware Protection Engine vulnerabilities
25 known vulnerabilities affecting microsoft/malware_protection_engine.
Total CVEs
25
CISA KEV
2
actively exploited
Public exploits
4
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH16MEDIUM8
Vulnerabilities
Page 1 of 2
CVE-2026-41091HIGHCVSS 7.8KEV≥ 1.1.26030.3008, < 1.1.26040.82026-05-20
CVE-2026-41091 [HIGH] CWE-59 CVE-2026-41091: Improper link resolution before file access ('link following') in Microsoft Defender allows an autho
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-45584HIGHCVSS 8.1≥ 1.1.26030.3008, < 1.1.26040.82026-05-20
CVE-2026-45584 [HIGH] CWE-122 CVE-2026-45584: Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code ove
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
nvd
CVE-2023-33156HIGHCVSS 7.0fixed in 1.1.23050.32023-07-11
CVE-2023-33156 [HIGH] CWE-367 CVE-2023-33156: Microsoft Defender Elevation of Privilege Vulnerability
Microsoft Defender Elevation of Privilege Vulnerability
nvd
CVE-2023-24860HIGHCVSS 7.5fixed in 1.1.20200.42023-04-11
CVE-2023-24860 [HIGH] CWE-400 CVE-2023-24860: Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
nvd
CVE-2023-23389MEDIUMCVSS 6.3v1.1.20000.22023-03-14
CVE-2023-23389 [MEDIUM] CWE-367 CVE-2023-23389: Microsoft Defender Elevation of Privilege Vulnerability
Microsoft Defender Elevation of Privilege Vulnerability
nvd
CVE-2022-37971HIGHCVSS 7.1fixed in 1.1.19700.22022-10-11
CVE-2022-37971 [HIGH] CVE-2022-37971: Microsoft Windows Defender Elevation of Privilege Vulnerability
Microsoft Windows Defender Elevation of Privilege Vulnerability
nvd
CVE-2022-24548MEDIUMCVSS 5.5fixed in 1.1.19100.52022-04-15
CVE-2022-24548 [MEDIUM] CVE-2022-24548: Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
nvd
CVE-2021-42298HIGHCVSS 7.8fixed in 1.1.18700.32021-11-10
CVE-2021-42298 [HIGH] CWE-94 CVE-2021-42298: Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender Remote Code Execution Vulnerability
nvd
CVE-2021-34471HIGHCVSS 7.8fixed in 1.1.18400.42021-08-12
CVE-2021-34471 [HIGH] CWE-269 CVE-2021-34471: Microsoft Windows Defender Elevation of Privilege Vulnerability
Microsoft Windows Defender Elevation of Privilege Vulnerability
nvd
CVE-2021-34522HIGHCVSS 7.8fixed in 1.1.18242.02021-07-14
CVE-2021-34522 [HIGH] CVE-2021-34522: Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender Remote Code Execution Vulnerability
nvd
CVE-2021-31985HIGHCVSS 8.8fixed in 1.1.18200.32021-06-08
CVE-2021-31985 [HIGH] CVE-2021-31985: Microsoft Defender Remote Code Execution Vulnerability
Microsoft Defender Remote Code Execution Vulnerability
nvd
CVE-2021-31978MEDIUMCVSS 5.5fixed in 1.1.18200.32021-06-08
CVE-2021-31978 [MEDIUM] CVE-2021-31978: Microsoft Defender Denial of Service Vulnerability
Microsoft Defender Denial of Service Vulnerability
nvd
CVE-2017-11940HIGHCVSS 7.8≤ 1.1.14306.02017-12-08
CVE-2017-11940 [HIGH] CVE-2017-11940: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Win
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution
nvd
CVE-2017-11937HIGHCVSS 7.8≤ 1.1.14306.02017-12-07
CVE-2017-11937 [HIGH] CWE-119 CVE-2017-11937: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Win
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code e
nvd
CVE-2017-8540HIGHCVSS 7.8KEVPoC≥ 1.1.13701.0, < 1.1.13704.02017-05-26
CVE-2017-8540 [HIGH] CVE-2017-8540: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially cra
nvd
CVE-2017-8541HIGHCVSS 7.8PoC≤ 1.1.13704.02017-05-26
CVE-2017-8541 [HIGH] CVE-2017-8541: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially cra
nvd
CVE-2017-8538HIGHCVSS 7.8PoC≤ 1.1.13704.02017-05-26
CVE-2017-8538 [HIGH] CWE-119 CVE-2017-8538: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a speci
nvd
CVE-2017-8542MEDIUMCVSS 5.5≤ 1.1.13704.02017-05-26
CVE-2017-8542 [MEDIUM] CVE-2017-8542: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially c
nvd
CVE-2017-8539MEDIUMCVSS 5.5≤ 1.1.13704.02017-05-26
CVE-2017-8539 [MEDIUM] CVE-2017-8539: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially c
nvd
CVE-2017-0290HIGHCVSS 7.8PoC≤ 1.1.13701.02017-05-09
CVE-2017-0290 [HIGH] CWE-119 CVE-2017-0290: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Mic
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corrup
nvd
1 / 2Next →