EIP-2026-117503

PRE-CVE

Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117503. PoCs published by Google Security Research.

AI-analyzed exploit summary: This is a technical analysis of a vulnerability in Microsoft's MsMpEng (Microsoft Malware Protection Engine) where an x86 emulator exposes dangerous APIs like NtControlChannel, allowing untrusted code to execute with SYSTEM privileges. The writeup details integer overflows, regex parsing issues, and microcode manipulation via specific IOCTL commands.

Description

Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands

Exploits (1)

exploitdb WRITEUP VERIFIED
by Google Security Research · text · local · windows
https://www.exploit-db.com/exploits/42077


Classification
Writeup 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: Microsoft Malware Protection Engine (MsMpEng)
No auth needed
Prerequisites: Ability to deliver a crafted PE file to the target system · MsMpEng running with SYSTEM privileges
devstral-2 · analyzed Feb 19, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026