LowMicrosoft Windows Knowledge Base Article 952044 update is not installed on the system, which could allow a remote attacker to exploit the following vulnerabilities:
Microsoft Malware Protection Engine is vulnerable to a denial of service, caused by improper validation of input when parsing files. By persuading a victim to scan a specially-crafted file using the Microsoft Malware Protection Engine, a remote attacker could cause the Malware Protection Engine to become unresponsive and eventually restart. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or sending the file as an email attachment.
Microsoft Malware Protection Engine is vulnerable to a denial of service, caused by improper validation of certain data structures when parsing files. By persuading a victim to scan a specially-crafted file using the Microsoft Malware Protection Engine, a remote attacker could cause large temporary files to be created and consume all available disk resources. An attacker could exploit this vulnerability by hosting the malicious file on a Web site or sending the file as an email attachment.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS08-029. See References.
Microsoft Security Bulletin MS08-029
Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
http://www.microsoft.com/technet/security/bulletin/ms08-029.mspx
IBM Internet Security Systems X-Force Database
Microsoft Malware Protection Engine file denial of service
http://xforce.iss.net/xforce/xfdb/42107
IBM Internet Security Systems X-Force Database
Microsoft Malware Protection Engine data structure denial of service
http://xforce.iss.net/xforce/xfdb/42108
ISS X-Force
Microsoft Windows Knowledge Base Article 952044 update not installed
http://www.iss.net/security_center/static/42109.php
CVE CVE-2008-1438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1438
CVE CVE-2008-1437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1437
