Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-36422

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Defender Antimalware Platform
Vendor: CVE Published:; 14 November 2023

What is CVE-2023-36422?

A vulnerability has been identified in Microsoft Windows Defender that can be exploited to elevate privileges. This flaw could allow unauthorized users to gain elevated access to system resources, potentially compromising the integrity and confidentiality of the operating system. Users are encouraged to apply the latest security updates to mitigate this risk.

Affected Version(s)

Windows Defender Antimalware Platform Unknown 4.0.0.0 < 4.18.23100.2009

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 21, 2023