13 matches found
CVE-2026-45647
CVE-2026-45647 describes a time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Endpoint (Mac) that can allow an authorized locally logged-in attacker to elevate privileges. The Red Hat, NVD, MSRC and CVE records consistently frame the issue as a local elevation of privileg...
EUVD-2022-28364
Malicious code in bioql PyPI...
Microsoft Defender for Endpoint Privilege Escalation
Proof of concept exploit that demonstrates a privilege escalation vulnerability in Microsoft Defender for Endpoint MDE. !/bin/bash Exploit Title: Microsoft Defender for Endpoint MDE - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage:...
A vulnerability in Microsoft Defender for Endpoint on Linux operating systems, related to access control errors, allows attackers to escalate their privileges.
A vulnerability in Microsoft Defender for Endpoint on Linux operating systems is related to access control errors. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in Microsoft Defender for Endpoint on Linux operating systems, related to errors in processing the relative path to the directory, allows attackers to perform spear-phishing attacks.
A vulnerability in Microsoft Defender for Endpoint on Linux operating systems is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
CVE-2024-43614
Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally...
March 28, 2023—KB5023778 (OS Build 22621.1485) Preview
March 28, 2023—KB5023778 OS Build 22621.1485 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to...
Security feature bypass
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability...
Improving AI-based defenses to disrupt human-operated ransomware
Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers. Our expert monitoring of threat actors, investigations into real-world ransomware attacks, and the...
CVE-2022-23278
creationtimestamp | type | source
---|---|---
2022-03-08 07:00:00+00:00 | seen | https://msrc.microsoft.com/blog/2022/03/guidance-for-cve-2022-23278-spoofing-in-microsoft-defender-for-endpoint/
2022-03-09 20:18:14+00:00 | seen | https://t.me/cibsecurity/38609
2025-07-08 15:31:24+00:00 | seen | ...
Vulnerabilities fixed in Microsoft Defender
Microsoft has fixed vulnerabilities in Defender. A malicious party could potentially exploit the vulnerabilities to obtain elevated privileges, be able to impersonate another user and execute arbitrary code in the context of a user. In order to exploit the vulnerabilities, the malicious party nee...
December 14, 2021—Hotpatch KB5008286 (OS Build 20348.410)
Microsoft Defender for Endpoint: The Latest Versions of Antivirus Engine & Signatures
In a previous episode on Microsoft Defender for Endpoint, I described how to get a list of antivirus engine and signatures versions for the hosts in your infrastructure using the Microsoft Graph API. But the problem remains. You know the versions that are currently installed on the hosts. But whe...