Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A newly disclosed security flaw in Microsoft Defender for Endpoint could allow attackers with local access to elevate their privileges to SYSTEM level, potentially gaining complete control over affected systems.
The vulnerability, tracked as CVE-2025-26684, was patched as part of Microsoft’s May 2025 Patch Tuesday security updates released yesterday.
Security researchers identified the vulnerability as an “external control of filename or path” weakness in Microsoft Defender for Endpoint that could be exploited by an authorized attacker to elevate privileges locally.
The vulnerability received a CVSS score of 6.7 out of 10, classifying it as “Important” severity rather than “Critical.”
Technical Details of CVE-2025-26684
According to the official Microsoft Security Response Center advisory, an attacker who successfully exploits this vulnerability could gain SYSTEM privileges, essentially providing them with complete control over the compromised system.
This level of access would allow malicious actors to install programs, modify or delete data, and create accounts with full administrative rights.
“The vulnerability stems from improper validation of user-supplied input when handling file paths in Microsoft Defender for Endpoint,” explains cybersecurity expert Rich Mirch from Stratascale, one of the researchers credited with discovering the flaw.
“When exploited, it allows attackers to manipulate file operations to access restricted system resources.”
The vulnerability specifically affects Microsoft Defender for Endpoint for Linux versions prior to 101.25XXX.
Organizations running this security solution should ensure they apply the latest security update immediately.
Microsoft has classified the exploitability assessment as “Exploitation Unlikely,” indicating that while the vulnerability is serious, the company believes the likelihood of widespread exploitation is relatively low.
The company also confirmed that there is no evidence that this vulnerability was publicly disclosed or exploited in the wild prior to the patch release.
The vulnerability was discovered through coordinated vulnerability disclosure, with credit given to security researchers astraleureka and Rich Mirch from Stratascale.
Risk Factors Details Affected ProductsMicrosoft Defender for Endpoint (Linux) versions prior to 101.25XXXImpactLocal privilege escalation to SYSTEM-level accessExploit Prerequisites– Local access- High privileges (authorized user required)CVSS 3.1 Score6.7 (Important)
Patch Immediately
This vulnerability was one of 78 security flaws addressed in Microsoft’s May 2025 Patch Tuesday.
Security administrators can verify that the update has been installed by running the MDE Client Analyzer on potentially affected devices.
According to Microsoft’s advisory Report, “When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online articles.”
This flaw highlights the ongoing importance of promptly applying security patches, especially for security products that are designed to protect systems from other threats.
While Microsoft Defender is meant to serve as a defensive tool, vulnerabilities within security products themselves can create significant risk if exploited.
Organizations using Microsoft Defender for Endpoint should prioritize installing the latest security updates as part of their regular patch management cycles.
For environments where immediate patching isn’t possible, security teams should implement additional monitoring for suspicious privilege escalation attempts and unusual system-level activities that could indicate exploitation attempts.
#Cyber_Security #Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Microsoft Defender Vulnerability Allows Attackers to Elevate Privileges
Author: KaaviyaA newly disclosed security flaw in Microsoft Defender for Endpoint could allow attackers with local access to elevate their privileges to SYSTEM level, potentially gaining complete control over affected systems.
The vulnerability, tracked as CVE-2025-26684, was patched as part of Microsoft’s May 2025 Patch Tuesday security updates released yesterday.
Security researchers identified the vulnerability as an “external control of filename or path” weakness in Microsoft Defender for Endpoint that could be exploited by an authorized attacker to elevate privileges locally.
The vulnerability received a CVSS score of 6.7 out of 10, classifying it as “Important” severity rather than “Critical.”
Technical Details of CVE-2025-26684
According to the official Microsoft Security Response Center advisory, an attacker who successfully exploits this vulnerability could gain SYSTEM privileges, essentially providing them with complete control over the compromised system.
This level of access would allow malicious actors to install programs, modify or delete data, and create accounts with full administrative rights.
“The vulnerability stems from improper validation of user-supplied input when handling file paths in Microsoft Defender for Endpoint,” explains cybersecurity expert Rich Mirch from Stratascale, one of the researchers credited with discovering the flaw.
“When exploited, it allows attackers to manipulate file operations to access restricted system resources.”
The vulnerability specifically affects Microsoft Defender for Endpoint for Linux versions prior to 101.25XXX.
Organizations running this security solution should ensure they apply the latest security update immediately.
Microsoft has classified the exploitability assessment as “Exploitation Unlikely,” indicating that while the vulnerability is serious, the company believes the likelihood of widespread exploitation is relatively low.
The company also confirmed that there is no evidence that this vulnerability was publicly disclosed or exploited in the wild prior to the patch release.
The vulnerability was discovered through coordinated vulnerability disclosure, with credit given to security researchers astraleureka and Rich Mirch from Stratascale.
Risk Factors Details Affected ProductsMicrosoft Defender for Endpoint (Linux) versions prior to 101.25XXXImpactLocal privilege escalation to SYSTEM-level accessExploit Prerequisites– Local access- High privileges (authorized user required)CVSS 3.1 Score6.7 (Important)
Patch Immediately
This vulnerability was one of 78 security flaws addressed in Microsoft’s May 2025 Patch Tuesday.
Security administrators can verify that the update has been installed by running the MDE Client Analyzer on potentially affected devices.
According to Microsoft’s advisory Report, “When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating missing patch and directing to relevant online articles.”
This flaw highlights the ongoing importance of promptly applying security patches, especially for security products that are designed to protect systems from other threats.
While Microsoft Defender is meant to serve as a defensive tool, vulnerabilities within security products themselves can create significant risk if exploited.
Organizations using Microsoft Defender for Endpoint should prioritize installing the latest security updates as part of their regular patch management cycles.
For environments where immediate patching isn’t possible, security teams should implement additional monitoring for suspicious privilege escalation attempts and unusual system-level activities that could indicate exploitation attempts.
#Cyber_Security #Cyber_Security_News #Microsoft #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
