Check System for CVE-2017-0290

A code-execution vulnerability was found in the Microsoft Malware Protection Engine in engine versions before 1.1.13704.0. This vulnerability is known as CVE-2017-0290.

The good news: Microsoft already released a fix for this issue!

Here is a quick way to check if a system is vulnerable:

# Returns a Bool (yep, just True or False): True means the engine already has the CVE-2017-0290 fix
[version](Get-MpComputerStatus).AMEngineVersion -ge [version]'1.1.13704.0'
# If you see False, you should update your Defender definition file As Soon As Possible (ASAP)

And here is a small Gist that downloads the latest (non-vulnerable) definition for you if the system is vulnerable:

#requires -Version 2.0 -Modules Defender

<#
		.SYNOPSIS
		Check if the system is affected by CVE-2017-0290
	
		.DESCRIPTION
		Check if the system is affected by CVE-2017-0290 and update the Defender definition if needed
	
		.PARAMETER WSUS
		Use a WSUS Server instead of the Microsoft Update Server as definition source.
	
		.EXAMPLE
		PS C:\> .\check-CVE20170290.ps1
	
		.NOTES
		Use the Defender PowerShell Module
#>
param
(
	[Parameter(ValueFromPipeline = $true,
	Position = 1)]
	[switch]
	$WSUS
)

PROCESS {
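	# Parenthesize the comparison so -not applies to its result, and compare as [version], not as strings
	if (-not ([version](Get-MpComputerStatus).AMEngineVersion -ge [version]'1.1.13704.0'))
	{
		Write-Warning -Message 'This system could be affected by CVE-2017-0290'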
		Write-Output -InputObject 'Defender update enforced.'
	
		if ($WSUS)
		{
			# Get the latest Virus and spyware definitions from a WSUS
			Update-MpSignature -Verbose -UpdateSource InternalDefinitionUpdateServer
		}
		else
		{
			# Get the latest Virus and spyware definitions from Microsoft
			Update-MpSignature -Verbose -UpdateSource MicrosoftUpdateServer
		}
	}
	else 
	{
		Write-Output -InputObject 'This system is not affected by CVE-2017-0290'
	}
}
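
The check depends on how the two operands are compared: `AMEngineVersion` is a string, and strings compare character by character, so an older engine such as 1.1.9901.0 sorts after 1.1.13704.0. The following is an added example, not part of the original Gist, that parses the value as `[version]` first and handles an unreadable or unparseable version; the function name `Test-MpEngineVulnerable` and the sample versions are constructed for illustration.

```powershell
# Added example (not the post's Gist): version-aware check for CVE-2017-0290.
$FixedEngine = [version]'1.1.13704.0'   # first fixed engine version, per the post

function Test-MpEngineVulnerable
{
	# Hypothetical helper. Returns $true if the engine predates the fix, $false if
	# it is fixed, and $null if the version cannot be read or parsed.
	param
	(
		[string]
		$EngineVersion
	)

	if (-not $PSBoundParameters.ContainsKey('EngineVersion'))
	{
		try
		{
			$EngineVersion = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
		}
		catch
		{
			Write-Warning -Message "Get-MpComputerStatus failed: $($_.Exception.Message)"
			return $null
		}
	}

	$parsed = $null
	if (-not [version]::TryParse($EngineVersion, [ref]$parsed))
	{
		Write-Warning -Message "Cannot parse engine version '$EngineVersion'"
		return $null
	}

	return ($parsed -lt $FixedEngine)
}

# Constructed sample versions (not taken from real hosts); '' models a missing value
foreach ($sample in '1.1.9901.0', '1.1.13701.0', '1.1.13704.0', '1.1.14003.0', '')
{
	[pscustomobject]@{
		EngineVersion = $sample
		StringSaysOk  = ($sample -ge '1.1.13704.0')   # lexical comparison
		Vulnerable    = (Test-MpEngineVulnerable -EngineVersion $sample)
	}
}
```

Calling `Test-MpEngineVulnerable` without arguments reads the engine version from the local system through `Get-MpComputerStatus`.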

Hope this helps!
