What is the severity of CVE-2017-8540?

CVE-2017-8540 has a CVSS v3 score of 7.8, which is classified as High severity.

Is there an exploit available for CVE-2017-8540?

Yes, there are known exploits available for CVE-2017-8540. Immediate patching is recommended.

Is there a patch available for CVE-2017-8540?

Yes, patches are available for CVE-2017-8540. Check the vendor advisories for update instructions.

CVE-2017-8540

Published: April 3, 2026

Last updated:13 hours ago (April 3, 2026)

Exploit: YesZero-day: NoPatch: YesTrend: Neutral

TL;DR

Updated April 3, 2026

CVE-2017-8540 is a high severity vulnerability with a CVSS score of 7.8. Exploits are available; patches have been released and should be applied urgently.

Key Points

1High severity (CVSS 7.8/10)
2EPSS: 85.00% - very high likelihood of exploitation
3Public exploits are available
4Vendor patches are available
5Strobes Priority Score: 661/1000 (Medium)
6Affects products from: Microsoft

Test this CVE with Agentic AI

Deploy autonomous AI agents to validate this vulnerability in your environment.

Severity Scores

CVSS v37.8

CVSS v29.3

Priority Score661.0

EPSS Score85.0

High

Exploitation LikelihoodCritical

85.00%EPSS

Very high probability of exploitation in the next 30 days

Immediate patching required

85.00%

EPSS

7.8

CVSS

Yes

Exploit

Yes

Patch

High Priority

high EPSS • exploit exists

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

CVSS v3 Breakdown

Attack Vector:Local

Attack Complexity:Local

Privileges Required:Network

User Interaction:Required

Scope:Unchanged

Confidentiality:High

Integrity:High

Availability:High

Exploit References

Cisa.gov Exploit-db.com [email protected]

Patch References

[email protected]

Trend Analysis

Neutral

Vulnerable Products

Vendor	Product
Microsoft	Windows 8.1
Microsoft	Windows 10 1703
Microsoft	System Center Endpoint Protection
Microsoft	Forefront Security
Microsoft	Windows Rt 8.1
Microsoft	Malware Protection Engine
Microsoft	Windows 10 1607
Microsoft	Windows 7
Microsoft	Security Essentials
Microsoft	Windows 10 1507

And 9 more...

Advisories

CISA: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

GitHub Advisory NVD

Cite This Page

APA Format

Strobes VI. (2026). CVE-2017-8540 - CVE Details and Analysis. Strobes VI. Retrieved April 3, 2026, from https://vi.strobes.co/cve/CVE-2017-8540

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Vendor

Product

Microsoft

Windows 8.1

Microsoft

Windows 10 1703

Microsoft

System Center Endpoint Protection

Microsoft

Forefront Security

Microsoft

Windows Rt 8.1

Microsoft

Malware Protection Engine

Microsoft

Windows 10 1607

Microsoft

Windows 7

Microsoft

Security Essentials

Microsoft

Windows 10 1507

CVE-2017-8540

Ready for Agentic Automated Testing?

CVE-2017-8540