Primary

Context

Microsoft Defender for Endpoint Privilege Escalation Vulnerability

Vulnerability

Patched

A vulnerability allowing external control of file names or paths in Microsoft Defender for Endpoint has been identified. This issue enables an authorized attacker to locally elevate privileges. The vulnerability arises from improper handling of file names or paths, which could be exploited to gain higher system privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain SYSTEM privileges.

Remediation

Users can verify if the security update is installed by running the MDE Client Analyzer on their device. The analyzer will indicate if the patch is missing or if there are issues with the Anti-Spoofing capability. For Microsoft Defender for Endpoint on Linux, the security update is included in version 101.25032.0008.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

7.5

exploitability

2.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Defender for Endpoint Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Defender for Endpoint

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating