CVE-2017-8540
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Confirmed exploited in the wild. Added 2022-03-03.
Federal remediation due 2022-03-24.
Required action: Apply updates per vendor instructions.
Summary
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to memory corruption. This is also known as the "Microsoft Malware Protection Engine Remote Code Execution Vulnerability" and is a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
CVSS 3.1 breakdown
| Metric | Value |
|---|---|
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
References
- http://www.securityfocus.com/bid/98703
- http://www.securitytracker.com/id/1038571
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8540
- https://www.exploit-db.com/exploits/42088/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8540
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-22. Always verify against the vendor advisory before acting.