CVE-2022-23278
Published 2022-03-09
CVE-2022-23278: Microsoft Defender for Endpoint Spoofing Vulnerability
Priority: P4 (30, medium)
CVSS 3.1: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 1.83% (76.2th percentile)
Microsoft Defender for Endpoint Spoofing Vulnerability
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | defender_for_endpoint_edr_sensor | < 10.8047.22439.1056 | 10.8047.22439.1056 |
| microsoft | microsoft_defender_for_endpoint_edr_sensor | >= 1.0.0.0 < 10.8047.22439 | 10.8047.22439 |
| microsoft | microsoft_defender_for_endpoint_for_android | >= 1.0.0.0 < 1.0.3011.0302 | 1.0.3011.0302 |
| microsoft | microsoft_defender_for_endpoint_for_ios | >= 1.0.0.0 < 1.1.18090109 | 1.1.18090109 |
| microsoft | microsoft_defender_for_endpoint_for_linux | >= 101.0.0 < 101.60.93 | 101.60.93 |
| microsoft | microsoft_defender_for_endpoint_for_mac | >= 101.0.0 < 101.60.91 | 101.60.91 |
| microsoft | microsoft_defender_for_endpoint_for_windows | >= 1.0.0.0 < 10.0.19042.1586 | 10.0.19042.1586 |
| msrc | microsoft_defender | — | — |
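CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 5.9 | MEDIUM | — |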
GHSA
GHSA-fwqp-wm97-mvcp: Microsoft Defender for Endpoint Spoofing Vulnerability
ghsa_unreviewed·2022-03-10
CVE-2022-23278 [MEDIUM] GHSA-fwqp-wm97-mvcp: Microsoft Defender for Endpoint Spoofing Vulnerability
Microsoft Defender for Endpoint Spoofing Vulnerability.
Microsoft
Microsoft Defender for Endpoint Spoofing Vulnerability
vendor_msrc·2022-03-08·CVSS 5.9
CVE-2022-23278 [MEDIUM] Microsoft Defender for Endpoint Spoofing Vulnerability
Microsoft Defender for Endpoint Spoofing Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
FAQ: How can I verify that the update is installed?
Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that does not have the security update, the analyzer will present a warning (ID 121035) indicating a missing patch and directing to the relevant online article. Additionally, if the update is installed, but the Anti-Spoofing capability is not in a stable state, the analyzer will present
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-03-09