Number: AV17-075
Date: 30 May 2017
Purpose
The purpose of this advisory is to bring attention to a recent security update to Microsoft Malware Protection Engine.
Assessment
CCIRC is aware of a critical vulnerability in the Microsoft Malware Protection Engine. Exploitation of this vulnerability may allow for remote code execution with elevated privileges and/or create denial of service conditions.
Affected Versions: Microsoft Malware Protection Engine version 1.1.13704.0 and prior
CVE References: CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, CVE-2017-8538, CVE-2017-8539,
CVE-2017-8540, CVE-2017-8541, CVE-2017-8542
Suggested action
CCIRC recommends that owner/operators test and deploy the vendor released updates or workarounds to affected platforms accordingly.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8536
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8537
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8538
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8539
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8542