Check System for CVE-2017-0290

A code-execution vulnerability was found in the Microsoft Malware Protection Engine, in engine versions before 1.1.13704.0.

This vulnerability is known as CVE-2017-0290.

The good news: Microsoft already released a fix for this issue!

Here is a quick way to check if a system is vulnerable:

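# Returns a Bool (yep, just True or False): True means the engine is at or above the fixed version
# Cast to [version] so the parts are compared numerically instead of as text
[version](Get-MpComputerStatus).AMEngineVersion -ge [version]'1.1.13704.0'
# If you see False you should update your Defender definition file As Soon As Possible (ASAP)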

And here is a small Gist that can download the latest (non-vulnerable) definition for you if the system is vulnerable:

#requires -Version 2.0 -Modules Defender

<#
        .SYNOPSIS
      Check if the system is affected by CVE-2017-0290

        .DESCRIPTION
      Check if the system is affected by CVE-2017-0290 and update the Defender definition if needed

        .PARAMETER WSUS
      Use a WSUS Server instead of the Microsoft Update Server as definition source.

        .EXAMPLE
      PS C:\> .\check-CVE20170290.ps1

        .NOTES
      Use the Defender PowerShell Module
#>
param
(
	[Parameter(ValueFromPipeline = $true,
				  Position = 1)]
	[switch]
	$WSUS
)

process
{
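	# Compare as [version] objects; '-not <string> -ge <string>' negates the string first and never matches
	if ([version](Get-MpComputerStatus).AMEngineVersion -lt [version]'1.1.13704.0')
	{
		Write-Warning -Message 'This system could be affected by CVE-2017-0290'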
		Write-Output -InputObject 'Defender update enforced.'

		if ($WSUS)
		{
			# Get the latest Virus and spyware definitions from a WSUS
			Update-MpSignature -Verbose -UpdateSource InternalDefinitionUpdateServer
		}
		else
		{
			# Get the latest Virus and spyware definitions from Microsoft
			Update-MpSignature -Verbose -UpdateSource MicrosoftUpdateServer
		}
	}
	else
	{
		Write-Output -InputObject 'This system is not affected by CVE-2017-0290'
	}
}
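
An added example (not part of the original Gist): the same check as a reusable function that can also query remote machines. It compares engine versions as [version] objects, because a plain string comparison ranks '1.1.9903.0' above '1.1.13704.0'. The function names and the sample version strings are made up for illustration.

```powershell
# Added example; function names and the sample versions below are constructed.
$FixedEngine = [version]'1.1.13704.0'   # first fixed engine version, as stated above

function Test-MpEnginePatched
{
	param ([string]$EngineVersion)

	$parsed = $null
	if (-not [version]::TryParse($EngineVersion, [ref]$parsed))
	{
		# Empty or malformed value: report "unknown" ($null) instead of "patched"
		return $null
	}
	return ($parsed -ge $FixedEngine)
}

function Get-Cve20170290Status
{
	param ([string[]]$ComputerName)

	# Without -ComputerName the local machine is checked; remote checks need CIM/WinRM access
	$status = if ($ComputerName) { Get-MpComputerStatus -CimSession $ComputerName } else { Get-MpComputerStatus }
	foreach ($s in $status)
	{
		[pscustomobject]@{
			Computer      = if ($s.PSComputerName) { $s.PSComputerName } else { $env:COMPUTERNAME }
			EngineVersion = $s.AMEngineVersion
			Patched       = Test-MpEnginePatched -EngineVersion $s.AMEngineVersion
		}
	}
}

# Constructed sample values: the string comparison reports the second one as patched
foreach ($v in '1.1.13704.0', '1.1.9903.0', '1.1.13601.0', '')
{
	[pscustomobject]@{
		EngineVersion  = $v
		StringCompare  = ($v -ge '1.1.13704.0')
		VersionCompare = Test-MpEnginePatched -EngineVersion $v
	}
}
```

Run `Get-Cve20170290Status` with no arguments for the local system, or pass a list of computer names to get one result row per machine.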

Hope this helps!