• CVE-2020-1163 for Windows Defender no fix?

    Home » Forums » AskWoody support » Windows » Windows 8.1 » Windows 8.1 (and Win 8) patches » CVE-2020-1163 for Windows Defender no fix?

    Tags:

    Author
    Topic
    tdbobo
    AskWoody Lounger
    February 1, 2021 at 9:32 pm #2339649

    CVE-2020-1163

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1163

    shows that it applies to Windows Defender on Windows 8.1, yet states about the antimalware client version

    First version of MpCmdRun.exe with the vulnerability addressed is 4.18.2005.1

    I’ve examined hundreds of Windows 8.1 Pro computers and they all have version 4.10.209.0, yet have automatically received the updated malware protection engine version 1.1.17700.5 that resolves the more recent CVE-2021-1647

    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647

    Is Microsoft’s CVE-2020-1163 wrongly documented, or is there a way to get the version 4.18.2005.1 antimalware client that resolves this CVE for Windows 8.1?

    Please let me know if I’m missing something here…

    Reply | Quote
    Viewing 0 reply threads
    Author
    Replies
    • b
      AskWoody_MVP
      February 2, 2021 at 12:23 am #2339719

      Are you checking the file version of MpCmdRun.exe or the antimalware client version in Defender?

      The documentation is certainly confusing as it seems to refer to both of those in different places, but with the same recommended version number, whereas in practice they have different version numbers.

      On Windows 10, I have MpCmdRun.exe 4.18.1909.6 (vulnerable?) but antimalware client 4.18.2011.6 (not vulnerable?)

      Reply | Quote
      • tdbobo
        AskWoody Lounger
        February 2, 2021 at 11:35 am #2339851

        I’m referring to both the About screen’s antimalware client version, and the actual file version.

        Both MpCmdRun.exe and MsMpEng.exe executables have the same version, but on Windows 10 Microsoft has multiple versions installed in various directories.  There’s the “original” set of files in C:\Program Files\Windows Defender, with the oldest version numbers.  Then as Defender updates itself, it puts sets of newer files in C:\ProgramData\Microsoft\Windows Defender\Platform subdirectories named for the version of those newer files.  The “current” set of files is in the subdirectory with the newest versioned subdirectory.  You should find that the newest versioned subdirectory has an MpCmdRun.exe file with the version shown in the About screen as the antimalware client version.

        Reply | Quote
    Viewing 0 reply threads
    Reply To: CVE-2020-1163 for Windows Defender no fix?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.