Security
Headlines
HeadlinesLatestCVEs

Tag

#Microsoft Defender for Endpoint

CVE-2024-49057: Microsoft Defender for Endpoint on Android Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user must install and use a specially-crafted malicious application on their Android device.

Microsoft Security Response Center
#vulnerability#android#microsoft#Microsoft Defender for Endpoint#Security Vulnerability
CVE-2024-5535: OpenSSL: CVE-2024-5535 SSL_select_next_proto buffer overread

**How could an attacker exploit this vulnerability?** Exploitation of this vulnerability requires that an attacker send a malicious link to the victim via email, or that they convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message. In the worst-case email attack scenario, an attacker could send a specially crafted email to the user without a requirement that the victim open, read, or click on the link. This could result in the attacker executing remote code on the victim's machine. When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk (UI:N).

CVE-2024-21315: Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

CVE-2023-24860: Microsoft Defender Denial of Service Vulnerability

References Identification Last version of the Microsoft Malware Protection Engine affected by this vulnerability 1.1.20100.6 First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.20200.4 See Manage Updates Baselines Microsoft Defender Antivirus for more information. **Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue?** Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. **Why is no action required to install this update?** In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kep...

CVE-2023-21809: Microsoft Defender for Endpoint Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** A user needs to be tricked into running malicious files.

CVE-2022-33637: Microsoft Defender for Endpoint Tampering Vulnerability

**According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to authenticate to the management console appliance and to have an integration token documented here: Defender for IoT sensor and management console APIs.

CVE-2022-23278: Microsoft Defender for Endpoint Spoofing Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.

CVE-2022-23278: Microsoft Defender for Endpoint Spoofing Vulnerability

**Why is Attack Complexity marked as High for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.