First published: Wed Apr 04 2018(Updated: )
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Exchange Server | =2013 | |
Microsoft Exchange Server | =2016 | |
Microsoft Security Essentials | ||
Microsoft Forefront Endpoint Protection 2010 | ||
Microsoft Intune Endpoint Protection | ||
Microsoft System Center Endpoint Protection | ||
Microsoft System Center Endpoint Protection | =2012 | |
Microsoft System Center Endpoint Protection | =2012-r2 | |
Microsoft Windows Defender | ||
Microsoft Windows 10 | ||
Microsoft Windows 10 | =1511 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1703 | |
Microsoft Windows 10 | =1709 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 8.1 | ||
Microsoft Windows RT 8.1 | ||
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2012 | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | =1709 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-0986 is a remote code execution vulnerability in the Microsoft Malware Protection Engine.
Windows Defender, Microsoft Security Essentials, Microsoft Forefront Endpoint Protection 2010, Microsoft Intune Endpoint Protection, Microsoft System Center Endpoint Protection, Microsoft Exchange Server 2013 and 2016.
CVE-2018-0986 has a severity level of critical (8.8).
CVE-2018-0986 allows remote attackers to execute arbitrary code by exploiting a memory corruption issue in the Microsoft Malware Protection Engine.
No, Windows 10 and Windows 7 are not vulnerable to CVE-2018-0986.