{"vulnerability": "CVE-2018-0986", "sightings": [{"uuid": "8f2f2b06-a1b8-4502-8576-b7c5b3d4c191", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "exploited", "source": "https://www.exploit-db.com/exploits/44402", "content": "", "creation_timestamp": "2018-04-05T00:00:00.000000Z"}, {"uuid": "290684b8-c6a9-4f6d-a895-d0a1e72d83b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "seen", "source": "https://bsky.app/profile/tuxpanik.bsky.social/post/3lgveyong542i", "content": "", "creation_timestamp": "2025-01-29T16:24:11.276490Z"}, {"uuid": "e5926996-a830-4f3f-9d3a-84770ad526dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "seen", "source": "https://t.me/BleepingComputer/2695", "content": "Microsoft Out-Of-Band Security Update Patches Malware Protection Engine Flaw\n\nYesterday, April 3, Microsoft released an emergency security update via Windows Update that fixes CVE-2018-0986, a vulnerability in the Microsoft Malware Protection Engine (MMPE). 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/microsoft-out-of-band-security-update-patches-malware-protection-engine-flaw/", "creation_timestamp": "2018-04-04T10:20:37.000000Z"}, {"uuid": "fd1a93b3-2d1e-4db2-8086-006daebfdb2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "seen", "source": "https://t.me/information_security_channel/15886", "content": "Critical Vulnerability Patched in Microsoft Malware Protection Engine\nhttp://feedproxy.google.com/~r/Securityweek/~3/euIzaFzYPfw/critical-vulnerability-patched-microsoft-malware-protection-engine\n\nAn update released this week by Microsoft for its Malware Protection Engine patches a vulnerability that can be exploited to take control of a system by placing a malicious file in a location where it would be scanned.\nThe Microsoft Malware Protection Engine provides scanning, detection and cleaning capabilities for security software made by the company. The engine is affected by a flaw that can be exploited for remote code execution when a specially crafted file is scanned.\nThe malicious file can be delivered via a website, email or instant messenger. 
The Malware Protection Engine will automatically scan the file (if real-time protection is enabled) and allow the attacker to execute arbitrary code in the context of the LocalSystem account, which can lead to a complete takeover of the targeted system.\nOn systems where real-time scanning is not enabled, the exploit will still get triggered, but only when a scheduled scan is initiated.\nThe vulnerability, tracked as CVE-2018-0986 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986) and rated \u201ccritical,\u201d affects several Microsoft products that use the Malware Protection Engine, including Exchange Server, Forefront Endpoint Protection 2010, Security Essentials, Windows Defender, and Windows Intune Endpoint Protection.\nWhile the flaw is dangerous and easy to exploit, Microsoft believes exploitation is \u201cless likely.\u201d The company pointed out that the patch for this vulnerability will be automatically delivered to customers within 48 hours of release \u2013 users and administrators do not have to take any action.\nGoogle Project Zero researcher Thomas Dullien, aka \u201cHalvar Flake,\u201d has been credited for finding CVE-2018-0986. The details of the vulnerability have yet to be disclosed, but considering that the patch is being delivered automatically to most systems, the information will likely become available soon.\nThis is not the first time Google Project Zero researchers have discovered critical vulnerabilities in Microsoft\u2019s Malware Protection Engine. 
While Google may occasionally disclose flaws in Microsoft products before patches become available (https://www.securityweek.com/google-discloses-unpatched-edge-vulnerability), in the case of the Malware Protection Engine, Microsoft typically releases patches within a few days (https://www.securityweek.com/microsoft-fixes-antimalware-engine-flaw-found-google-experts) or weeks (https://www.securityweek.com/microsoft-patches-several-malware-protection-engine-flaws).\nA similar flaw (https://www.securityweek.com/microsoft-patches-critical-vulnerability-malware-protection-engine) in the Malware Protection Engine was also found recently by employees of UK's National Cyber Security Centre (NCSC).\nRelated: Microsoft Releases More Patches for Meltdown, Spectre (https://www.securityweek.com/microsoft-releases-more-patches-meltdown-spectre)\nRelated: Microsoft Patches for Meltdown Introduced Severe Flaw (https://www.securityweek.com/microsoft-patches-meltdown-introduced-severe-flaw-researcher)\nRelated: Microsoft Patches 50 Flaws in Windows, Office, Browsers (https://www.securityweek.com/microsoft-patches-50-flaws-windows-office-browsers)", "creation_timestamp": "2018-04-04T17:55:22.000000Z"}, {"uuid": "0a504390-64a5-4c65-8111-c27fdaf8db58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "seen", "source": "https://t.me/information_security_channel/15897", "content": "Microsoft Patches Critical Flaw in Malware Protection Engine\nhttps://www.darkreading.com/vulnerabilities---threats/microsoft-patches-critical-flaw-in-malware-protection-engine/d/d-id/1331453?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nThe emergency update addressed CVE-2018-0986, which would let an attacker execute malicious code on a Windows machine.", "creation_timestamp": "2018-04-04T19:33:32.000000Z"}, {"uuid": "c61adbb8-e58b-4754-83ea-0fb8c0a65bd3", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "seen", "source": "https://t.me/itsecalert/103", "content": "\u26a0\ufe0f Windows 10/8/7 +  Server 2008/2012/2016  - Microsoft Malware Protection Engine, Microsoft Windows Defender\nREMOTE CODE EXECUTION vulnerability.\n\nTo exploit this vulnerability, a specially crafted file must be scanned by an affected version of the Microsoft Malware Protection Engine. As these scanners are usually configured to scan all files written, incoming mail attachments can trigger the RCE without user interaction necessary.\nMicrosoft released an update which should be deployed by you immediately. \n\nAffects Versions below 1.1.14700.5 on all Windows Systems (begins with Windows 7 and Windows Server 2008).\n\nMore Information: https://yt.gl/dsk2q\n\n(severity: \ud83d\udd36 high) \n\n#alert #vulnerability #severityhigh #windows #CVE-2018-0986\nFeel free to discuss this issue in @itsectalk and do your colleagues a favor and forward them this critical vulnerability.\nFollow us & share on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:6387603734268121088", "creation_timestamp": "2018-04-05T12:17:36.000000Z"}, {"uuid": "eb00a42b-21e9-4250-b41c-fce9112530be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-0986", "type": "seen", "source": "https://t.me/SecLabNews/1898", "content": "On Tuesday, April 3, Microsoft released an out-of-band security update 
that fixes a vulnerability (CVE-2018-0986) in the Microsoft Malware Protection Engine (MMPE).    \nMicrosoft released an out-of-band fix for a critical vulnerability", "creation_timestamp": "2018-04-04T15:56:06.000000Z"}]}