Test ID:	1.3.6.1.4.1.25623.1.0.812239
Category:	Windows
Title:	Microsoft Malware Protection Engine on Security Essentials Multiple RCE Vulnerabilities
Summary:	This host is missing an important security; update according to Microsoft Security Updates released for Microsoft Malware; Protection Engine dated 12/06/2017
Description:	Summary: This host is missing an important security update according to Microsoft Security Updates released for Microsoft Malware Protection Engine dated 12/06/2017 Vulnerability Insight: Multiple flaws exist when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption. Vulnerability Impact: Successful exploitation will allow an attacker to execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then: - install programs - view, change, or delete data - create new accounts with full user rights. Affected Software/OS: Microsoft Security Essentials. Solution: Run the Windows Update to update the malware protection engine to the latest version available. Typically, no action is required as the built-in mechanism for the automatic detection and deployment of updates will apply the update itself. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11937 BugTraq ID: 102070 http://www.securityfocus.com/bid/102070 http://www.securitytracker.com/id/1039972 Common Vulnerability Exposure (CVE) ID: CVE-2017-11940 BugTraq ID: 102104 http://www.securityfocus.com/bid/102104
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.