7.8

CVE-2026-33825

Warnung
Medienbericht

Microsoft Defender Elevation of Privilege Vulnerability

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftDefender Antimalware Platform Version < 4.18.26030.3011

22.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Schwachstelle

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.38% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1220 Insufficient Granularity of Access Control

The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.