Microsoft Windows Defender — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows Defender, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2006-5270 — CVSS 9.3 (critical): Integer overflow in the Microsoft Malware Protection Engine (mpengine.dll), as used by Windows Live OneCare, Antigen, Defender, and…
CVE-2018-0986 — CVSS 8.8 (high): A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file…
CVE-2017-0290 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8538 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8541 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8558 — CVSS 7.8 (high): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows…
CVE-2020-0835 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows…
CVE-2020-1163 — CVSS 7.8 (high): An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the…
CVE-2020-1170 — CVSS 7.8 (high): An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the…
CVE-2019-1255 — CVSS 7.5 (high): A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service…
CVE-2011-0037 — CVSS 7.2 (high): Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender…
CVE-2013-0078 — CVSS 7.2 (high): The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows…
CVE-2020-1002 — CVSS 7.1 (high): An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit…
CVE-2020-1461 — CVSS 7.1 (high): An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit…
CVE-2019-1161 — CVSS 7.1 (high): An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit…
CVE-2013-3154 — CVSS 6.9 (medium): The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname…
CVE-2017-8535 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8542 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8536 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8537 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2017-8539 — CVSS 5.5 (medium): The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2…
CVE-2008-1437 — CVSS 5.0 (medium): Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft…
CVE-2008-1438 — CVSS 5.0 (medium): Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft…