<< Back
CVE Number Vulnerability Product Severity Date
MS08-029 Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) Microsoft Windows Critical 14-05-2008

Technical Information

Brief overview of the risk:
The Microsoft Malware Protection Engine is a part of several Microsoft products. Depending upon which product is installed, this security update has different severity ratings. This security update is rated Moderate for Windows Live OneCare, Microsoft Antigen for Exchange, Microsoft Antigen for SMTP Gateway, Microsoft Windows Defender, Microsoft Forefront Client Security, Microsoft Forefront Security for Exchange Server and Microsoft Forefront Security for SharePoint. This security update is rated Low for Standalone System Sweeper located in Diagnostics and Recovery Toolset 6.
Detailed Information on the risk:
A denial of service vulnerability exists in the way that the Microsoft Malware Protection Engine processes specially crafted files. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.Further information on this exploit is available at : MS08-029

Affected Software

Microsoft Windows Defender
Windows Live OneCare
Microsoft Antigen for Exchange 9.x
Microsoft Antigen for SMTP Gateway 9.x
Microsoft Forefront Security for SharePoint