Lucene search
+L

765 matches found

Qualys Blog
Qualys Blog
added 2026/04/22 5:12 p.m.27 views

Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today

Key Takeaways RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed Qualys VMDR detects affected assets instantly QID 92382 TruRisk...

5.7AI score
Exploits0
CISA
CISA
added 2026/04/22 12:0 p.m.13 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-33825link is external Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a frequent attack vector for...

7.8CVSS5.8AI score0.06749EPSS
In wildExploits3References6
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/22 12:0 a.m.9 views

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally...

7.8CVSS5.7AI score0.06749EPSS
In wildExploits3
The Hacker News
The Hacker News
added 2026/04/17 1:21 p.m.19 views

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer requires GitHub sign-in, RedSun, an...

7.8CVSS6.4AI score0.06749EPSS
Exploits3
VulnCheck KEV
VulnCheck KEV
added 2026/04/16 12:0 a.m.180 views

VulnCheck KEV: CVE-2026-33825

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS6.4AI score0.06749EPSS
In wildExploits3References4
RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.7 views

CVE-2026-33825

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS6.4AI score0.06749EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.56 views

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability

...

7.8CVSS0.06749EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2026/04/14 4:57 p.m.3 views

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability

...

7.8CVSS6.4AI score0.06749EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:57 p.m.13 views

CVE-2026-33825

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS5.7AI score0.06749EPSS
Exploits3References2Affected Software1
CVE
CVE
added 2026/04/14 4:57 p.m.511 views

CVE-2026-33825

CVE-2026-33825 is a local EoP vulnerability in the Microsoft Defender Antimalware Platform. A TOCTOU race condition during malware remediation (in Defender’s threat remediation engine) lets an authenticated, low-privilege user pause remediation via NTFS oplocks and redirect Defender operations th...

7.8CVSS5.7AI score0.06749EPSS
In wildExploits3References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.7 views

Microsoft Defender Elevation of Privilege Vulnerability

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS6.2AI score0.06749EPSS
Exploits3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.11 views

Microsoft Defender 安全漏洞

Microsoft Defender is a threat protection software developed by the American company Microsoft. There are security vulnerabilities in Microsoft Defender. Attackers can exploit these vulnerabilities to gain higher privileges...

7.8CVSS6.4AI score0.06749EPSS
Exploits3References1
Kaspersky
Kaspersky
added 2026/04/14 12:0 a.m.10 views

KLA90983 PE vulnerability in Microsoft System Center

An elevation of privilege vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to bypass security restrictions, gain privileges. Original advisories CVE-2026-33825 Exploitation Public exploits exist for this vulnerability. Malware exists for this...

7.8CVSS6.4AI score0.06749EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-32884

Name of the Vulnerable Software and Affected Versions microsoft defender antimalware platform versions prior to 4.18.26030.3011 Description Microsoft Defender contains an insufficient granularity of access control flaw, specifically a time-of-check to time-of-use TOCTOU race condition within the...

7.8CVSS7.1AI score0.06749EPSS
Exploits3References159
Microsoft Secure
Microsoft Secure
added 2026/03/27 7:53 p.m.9 views

How Microsoft Defender protects high-value assets in real-world attack scenarios

In this article 1. Using asset context to strengthen detection 2. How high-value asset protection works 3. Real-world high-value asset protection scenarios 4. Protecting your HVAs 5. Learn more High-value assets including domain controllers, web servers, and identity infrastructure are frequent...

6.4AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/12 4:0 p.m.10 views

From transparency to action: What the latest Microsoft email security benchmark reveals

In our last benchmarking post, Clarity in complexity: New insights for transparent email security ,1 we shared why transparency matters more than ever in email security and how clear, consistent benchmarking helps security teams cut through noise and make confident decisions. Today, we’re...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/12 4:0 p.m.13 views

From transparency to action: What the latest Microsoft email security benchmark reveals

In our last benchmarking post, Clarity in complexity: New insights for transparent email security ,1 we shared why transparency matters more than ever in email security and how clear, consistent benchmarking helps security teams cut through noise and make confident decisions. Today, we’re...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/09 12:31 p.m.6 views

EUVD-2026-10325

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

5.3CVSS5.3AI score0.00538EPSS
Exploits1References9
NVD
NVD
added 2026/02/10 6:16 p.m.8 views

CVE-2026-21537

Improper control of generation of code 'code injection' in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network...

8.8CVSS0.00532EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 5:51 p.m.4 views

CVE-2026-21537 Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability

...

8.8CVSS5.2AI score0.00532EPSS
Exploits0References1
Rows per page
Query Builder