Msrc Microsoft Security Essentials vulnerabilities

CVE-2021-24092 [HIGH] Microsoft Defender Elevation of Privilege Vulnerability Microsoft Defender Elevation of Privilege Vulnerability FAQ: References Identification Last version of the Microsoft Malware Protection Engine affected by this vulnerability Version 1.1.17700.4 First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.17800.5 Why is no action required to install this update? In response to a constantly changing threat landscape, Mic

CVE-2021-1647 [HIGH] Microsoft Defender Remote Code Execution Vulnerability Microsoft Defender Remote Code Execution Vulnerability FAQ: References Identification Last version of the Microsoft Malware Protection Engine affected by this vulnerability Version 1.1.17600.5 First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.17700.4 See Manage Updates Baselines Microsoft Defender Antivirus for more information. Microsoft Defender is disabled

CVE-2020-1461 [HIGH] Microsoft Defender Elevation of Privilege Vulnerability Microsoft Defender Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system

CVE-2020-1163 [HIGH] Microsoft Windows Defender Elevation of Privilege Vulnerability Microsoft Windows Defender Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVE-2020-1170 [HIGH] Microsoft Windows Defender Elevation of Privilege Vulnerability Microsoft Windows Defender Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

CVE-2020-1002 [HIGH] Microsoft Defender Elevation of Privilege Vulnerability Microsoft Defender Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system

CVE-2019-1255 [HIGH] Microsoft Defender Elevation of Privilege Vulnerability Microsoft Defender Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to overwrite the discretionary access control list (DACL) for a file. To exploit the vulnerability, an attacker would first require execution on the victim system. The security update addresses the vulnerability

CVE-2019-1161 [HIGH] Microsoft Defender Elevation of Privilege Vulnerability Microsoft Defender Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system

CVE-2018-0986 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take contr

CVE-2017-11940 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take cont

CVE-2017-11937 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take cont

CVE-2017-8558 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take contr

CVE-2017-0290 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take contr

CVE-2017-8541 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take contr

CVE-2017-8538 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take contr

CVE-2017-8540 [HIGH] Microsoft Malware Protection Engine Remote Code Execution Vulnerability Microsoft Malware Protection Engine Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take contr

CVE-2017-8537 [MEDIUM] Microsoft Malware Protection Engine Denial of Service Vulnerability Microsoft Malware Protection Engine Denial of Service Vulnerability Description: A denial of service vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to a scan timeout. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the service is

CVE-2017-8536 [MEDIUM] Microsoft Malware Protection Engine Denial of Service Vulnerability Microsoft Malware Protection Engine Denial of Service Vulnerability Description: A denial of service vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to a scan timeout. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the service is

CVE-2017-8542 [MEDIUM] Microsoft Malware Protection Engine Denial of Service Vulnerability Microsoft Malware Protection Engine Denial of Service Vulnerability Description: A denial of service vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to a scan timeout. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the service is

CVE-2017-8539 [MEDIUM] Microsoft Malware Protection Engine Denial of Service Vulnerability Microsoft Malware Protection Engine Denial of Service Vulnerability Description: A denial of service vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to a scan timeout. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the service is