AnsweredAssumed Answered

Microsoft Malware Protection Engine vulnerabilities -remediation?

Question asked by ds0101 on Aug 30, 2017
Latest reply on Mar 19, 2019 by Jack Sparrow

Hello Qualys Community,

Can someone shed some light on how to remediate the below Microsoft Malware Protection Engine (Windows Defender) vulnerabilities please?

Our scanner is picking up the below 5 QID's as needing remediation. My question is, are these vulnerabilities exploitable only when Windows Defender is used or are their exploitable even when Windows Defender is not used, disabled? We are using a different AV and malware solution and Windows Defender is currently disabled. That means in order for us to close these QID's we need to enable Windows Defender and possibly disable and re-enable our other AV tool once the update is done and this could impact many hosts across the organization. Is this a correct approach or can we close these QID's as false negative since Windows defender is not enabled? So simple question again would be, are these exploitable when Windows Defender is disabled yes or no?

Microsoft Malware Protection Engine Elevation of Privilege Vulnerability (KB2491888)
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Microsoft Malware Protection Engine Privilege Escalation Vulnerability
Microsoft Malware Protection Engine Remote Code Execution (MSA-2846338)
Microsoft Malware Protection Engine Denial of Service Vulnerability (KB2974294)


Thank you!