Microsoft’s Malware Protection Engine powers an entire line of security related software for the Redmond company and we are learning today that a privately disclosed issue could allow these products to be used in a Denial of Service attack.

The software programs impacted by this vulnerability are:

  • Forefront Client Security
  • Forefront Endpoint Protection 2010
  • Forefront Security for SharePoint Service Pack 3
  • System Center 2012 Endpoint Protection
  • System Center 2012 Endpoint Protection Service Pack 1
  • Malicious Software Removal Tool
  • Microsoft Security Essentials
  • Windows Defender for Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2
  • Windows Defender for Windows RT and Windows RT 8.1
  • Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
  • Windows Defender Offline
  • Windows Intune Endpoint Protection

The Forefront Server Security Management Console and Internet Security and Acceleration (ISA) Server are not affected because they do not use the same Malware Protection Engine.

Your software should update within 48 hours but you can initiate that update yourself to go ahead and be protected.

According to Microsoft they believe it is unlikely that the code exists for this vulnerability and that it would be difficult to build.


You can verify the update is installed on your systems by checking the Malware Protection Engine version number.  If it is version 1.1.10701.0 or higher you are covered.

Sources: Microsoft Security Advisory 2974294 and Microsoft releases Security Advisory 2974294