Microsoft Defender Denial of Service Vulnerability Affects Windows and Azure Services
CVE-2023-24860

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Malware Protection Engine
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-24860?

A denial of service vulnerability in Microsoft Defender could allow an attacker to disrupt the availability of the service. This could result in potential downtime for users relying on the software for their cybersecurity needs. Organizations using the affected versions are encouraged to apply the latest updates to mitigate any risk associated with this vulnerability.

Affected Version(s)

Microsoft Malware Protection Engine Unknown 1.1.0.0 < 1.1.20200.4

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Jan 31, 2023