Note to readers

This publication does not currently meet the Government of Canada's Web Standards. The information remains valid.

Microsoft Malware Protection Engine security update

Number: AV17-075
Date: 30 May 2017

Purpose

The purpose of this advisory is to bring attention to a recent security update to Microsoft Malware Protection Engine.

Assessment

CCIRC is aware of a critical vulnerability in the Microsoft Malware Protection Engine.  Exploitation of this vulnerability may allow for remote code execution with elevated privileges and/or create denial of service conditions.

Affected Versions:  Microsoft Malware Protection Engine version 1.1.13704.0 and prior

CVE References: CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539,
CVE-2017-8540, CVE-2017-8541, CVE-2017-8542

Suggested action

CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8538
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8539
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542

Date modified: