CVE-2018-0986

EPSS 61.5%

Vexday Risk Score

35Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 61.5%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

04 Apr 2018Published on NVD

05 Apr 2018Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.

Affected products

Microsoft · Microsoft Exchange Server Microsoft · Microsoft Forefront Endpoint Protection Microsoft · Microsoft Security Essentials Microsoft · Microsoft System Center Microsoft · Microsoft System Center Endpoint Protection Microsoft · Windows Defender Microsoft · Windows Intune Endpoint Protection

public PoCs found — 2

exploitdbwww.exploit-db.com/exploits/44402unverified cve_referencewww.exploit-db.com/exploits/44402/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986 https://www.exploit-db.com/exploits/44402/http://www.securityfocus.com/bid/103593 http://www.securitytracker.com/id/1040631