All Products
Document Center

[Vulnerability notice] CVE-2017-0290: Remote code execution vulnerability in Microsoft Malware Protection Engine

Last Updated: Apr 02, 2018

On May 6, 2017, Google Project Zero tweeted a major Windows remote code execution vulnerability. Hackers can exploit this vulnerability to remotely control any Windows operating system. Your personal information may have been stolen. Microsoft announced this vulnerability on May 8, and Google Project Zero revealed the details on May 9.

See the following for more information about the vulnerability.

CVE identifier


Vulnerability name

Microsoft Malware Protection Engine remote code execution vulnerability

Vulnerability rating


Vulnerability description

The vulnerability triggers remote code execution if the Microsoft Malware Protection Engine does not properly scan a specially crafted file and consequently corrupts the memory. Attackers can run arbitrary code using the LocalSystem account and take control of the system.

Condition and method of exploitation

Remote exploitation.

Affected scope

  • By default, no malware protection software is installed in Windows Server 2008 and Windows Server 2012 provided by Alibaba Cloud. Therefore, these operating systems are not affected by the vulnerability. Windows Defender is installed in Windows Server 2016, which may be affected.

  • An official publication has been released to list the following affected versions:

    • Microsoft Forefront Endpoint Protection 2010
    • Microsoft Endpoint Protection
    • Microsoft Forefront Security for SharePoint Service Pack 3
    • Microsoft System Center Endpoint Protection
    • Microsoft Security Essentials
    • Windows Defender for Windows 7
    • Windows Defender for Windows 8.1
    • Windows Defender for Windows RT 8.1
    • Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703
    • Windows Intune Endpoint Protection

Vulnerability detection

Check whether your Microsoft Malware Protection Engine is version 1.1.13701.0 or later. If so, it is not affected.

How to fix or mitigate

If you have installed malware protection software, you can use the automatic update feature of Windows and manually install the patch. The vulnerability is fixed in Microsoft Malware Protection Engine 1.1.13704.0.