Skip to main content

Malware Protection Engine CVE-2023-23389

MEDIUM
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2023-03-14 secure@microsoft.com
6.3
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
6.3 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 14, 2023 - 17:15 cve.org
MEDIUM 6.3

DescriptionCVE.org

Microsoft Defender Elevation of Privilege Vulnerability

AnalysisAI

Microsoft Defender Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3).

Technical ContextAI

This vulnerability is classified under CWE-367. Affected products include: Microsoft Malware Protection Engine.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-0290 HIGH POC
7.8 May 09

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve

CVE-2017-8541 HIGH POC
7.8 May 26

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve

CVE-2017-8538 HIGH POC
7.8 May 26

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve

CVE-2017-11937 HIGH
7.8 Dec 07

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows

CVE-2017-11940 HIGH
7.8 Dec 08

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows

CVE-2013-1346 CRITICAL
9.3 May 15

mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execut

CVE-2017-8542 MEDIUM
5.5 May 26

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve

CVE-2017-8539 MEDIUM
5.5 May 26

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Serve

CVE-2021-42298 HIGH
7.8 Nov 10

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authent

CVE-2021-34471 HIGH
7.8 Aug 12

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2021-34464 HIGH
7.8 Jul 16

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authent

CVE-2021-34522 HIGH
7.8 Jul 14

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authent

Share

CVE-2023-23389 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy