CVE-2022-33637
Published 2022-07-12
CVE-2022-33637: Microsoft Defender for Endpoint Tampering Vulnerability
Priority: P4 34, medium, 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 1.20% (64.4th percentile)
Microsoft Defender for Endpoint Tampering Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_defender_for_endpoint_for_linux | >= 101.0.0 < 101.68.80 | 101.68.80 |
| msrc | microsoft_defender_for_endpoint_for_linux | — | — |
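CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_msrc | — | 6.5 | MEDIUM | — |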
Microsoft
Microsoft Defender for Endpoint Tampering Vulnerability
vendor_msrc·2022-07-12·CVSS 6.5
CVE-2022-33637 [MEDIUM] Microsoft Defender for Endpoint Tampering Vulnerability
Microsoft Defender for Endpoint Tampering Vulnerability
FAQ: What is the nature of this vulnerability?
This is a client-side code vulnerability consisting of the use of an uninitialized buffer in the buffer pool by the MDE sensor on Linux systems. This affects the IP field, causing any remote connection, including failed connections, to be considered as ‘Successful remote logon’. This, in turn, triggers a false-positive alert.
Which platforms are affected by this vulnerability?
All Linux machines are affected. The impact is more severe on servers which are under heavy network/login load.
How was the vulnerability addressed?
The fix enforced full initialization for each buffer before use.
What version of the product contains the update that addressed the vulnerability?
The fix is included i
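The FAQ's bug class and its fix, shown as an added example in C. This is a simplified model written for this page, not Microsoft's code: the `logon_event` layout, the one-slot pool, the sample address, and the rule that a populated `remote_ip` marks a remote logon are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical event record; the layout and names are assumptions. */
struct logon_event {
    char remote_ip[46];          /* textual IPv4/IPv6 address, "" if none */
};

static struct logon_event pool[1];   /* one-slot pool forces buffer reuse */

/* Flawed pool: returns the recycled buffer with its previous contents. */
static struct logon_event *pool_get_stale(void) { return &pool[0]; }

/* Fixed pool: fully initializes the buffer before every use. */
static struct logon_event *pool_get_clean(void) {
    memset(&pool[0], 0, sizeof pool[0]);
    return &pool[0];
}

/* The producer writes remote_ip only when the event carries an address. */
static void fill_event(struct logon_event *e, const char *ip) {
    if (ip != NULL)
        snprintf(e->remote_ip, sizeof e->remote_ip, "%s", ip);
}

/* Assumed rule: a populated remote_ip marks the event as a remote logon. */
static int is_remote_logon(const struct logon_event *e) {
    return e->remote_ip[0] != '\0';
}

/* Sends a remote event, then an address-less event, through the same pool
 * and returns how the second event is classified (1 = remote logon). */
static int classify_second_event(struct logon_event *(*get)(void)) {
    struct logon_event *e = get();
    fill_event(e, "203.0.113.7");    /* constructed documentation address */
    e = get();                       /* buffer is reused for the next event */
    fill_event(e, NULL);
    return is_remote_logon(e);
}

int main(void) {
    printf("stale pool: remote_logon=%d\n", classify_second_event(pool_get_stale));
    printf("clean pool: remote_logon=%d\n", classify_second_event(pool_get_clean));
    return 0;
}
```

With the stale pool the second event inherits the first event's address and is misclassified; with the initializing pool it is not.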
GHSA
GHSA-35wr-c9xh-h9cf: Microsoft Defender for Endpoint Tampering Vulnerability
ghsa_unreviewed·2022-07-13
CVE-2022-33637 [MEDIUM] GHSA-35wr-c9xh-h9cf: Microsoft Defender for Endpoint Tampering Vulnerability
Microsoft Defender for Endpoint Tampering Vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-07-12