Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-38175

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Defender Antimalware Platform
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-38175?

An elevation of privilege vulnerability exists in Microsoft Windows Defender that could allow an attacker to gain elevated permissions on the affected system. This issue stems from improper validation of file paths, which can be exploited through specially crafted files, compromising system integrity and security. Users are advised to apply the latest security updates to mitigate potential risks.

Affected Version(s)

Windows Defender Antimalware Platform Unknown 4.0.0.0 < 1.1.23060.3001

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 12, 2023