Skip to main content

Windows Defender

23 CVEs product

Monthly

CVE-2023-36422 HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Defender
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-38175 HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Defender
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-24092 HIGH PATCH This Week

Microsoft Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows Defender Endpoint Protection Security Essentials +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1647 HIGH KEV PATCH THREAT This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows Defender Security Essentials System Center Endpoint Protection
NVD
CVSS 3.1
7.8
EPSS
39.7%
CVE-2020-1461 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-1170 HIGH POC PATCH This Week

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2020-1163 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-1002 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2020-0835 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2019-1255 HIGH PATCH This Week

A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Defender Forefront Endpoint Protection 2010 Security Essentials +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2019-1161 HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Windows Defender Forefront Endpoint Protection 2010 Security Essentials System Center Endpoint Protection
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2018-0986 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Exchange Server +5
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
61.5%
CVE-2017-8558 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow RCE Microsoft Windows Defender Endpoint Protection +3
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
57.8%
Threat
4.8
CVE-2017-8542 MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Forefront Security Malware Protection Engine +1
NVD
CVSS 3.0
5.5
EPSS
19.2%
CVE-2017-8541 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.2%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
64.2%
Threat
5.0
CVE-2017-8539 MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft Forefront Security Malware Protection Engine +1
NVD
CVSS 3.0
5.5
EPSS
19.2%
CVE-2017-8538 HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
62.6%
Threat
4.9
CVE-2017-8537 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8536 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-8535 MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft Windows Defender Endpoint Protection +5
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.0%
CVE-2017-0290 HIGH POC PATCH THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.8%.

Buffer Overflow RCE Microsoft Forefront Security Malware Protection Engine +1
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
87.8%
Threat
5.7
CVE-2013-3154 MEDIUM This Month

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Defender Windows 7 Windows Server 2008
NVD
CVSS 2.0
6.9
EPSS
3.8%
CVE-2013-0078 HIGH This Week

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Defender
NVD
CVSS 2.0
7.2
EPSS
0.9%
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Defender
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Windows Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows Defender
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Defender Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows Defender +3
NVD
EPSS 40% CVSS 7.8
HIGH KEV PATCH THREAT This Week

Microsoft Defender Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Windows Defender +2
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender +3
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows Defender +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender +3
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows Defender
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Defender +3
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Windows Defender Forefront Endpoint Protection 2010 +2
NVD
EPSS 61% CVSS 8.8
HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE +7
NVD Exploit-DB
EPSS 58% 4.8 CVSS 7.8
HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Buffer Overflow RCE Microsoft +5
NVD Exploit-DB
EPSS 19% CVSS 5.5
MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +3
NVD
EPSS 64% 5.0 CVSS 7.8
HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.2%.

Buffer Overflow RCE Microsoft +3
NVD Exploit-DB
EPSS 19% CVSS 5.5
MEDIUM This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 19.2% and no vendor patch available.

Buffer Overflow Denial Of Service Microsoft +3
NVD
EPSS 63% 4.9 CVSS 7.8
HIGH POC THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.6%.

Buffer Overflow RCE Microsoft +3
NVD Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft +7
NVD Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft +7
NVD Exploit-DB
EPSS 5% CVSS 5.5
MEDIUM POC PATCH This Month

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Microsoft +7
NVD Exploit-DB
EPSS 88% 5.7 CVSS 7.8
HIGH POC PATCH THREAT Act Now

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.8%.

Buffer Overflow RCE Microsoft +3
NVD Exploit-DB
EPSS 4% CVSS 6.9
MEDIUM This Month

The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation Microsoft Windows Defender +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The Microsoft Antimalware Client in Windows Defender on Windows 8 and Windows RT uses an incorrect pathname for MsMpEng.exe, which allows local users to gain privileges via a crafted application, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Defender
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy