MSRC Microsoft Defender for Endpoint for Linux vulnerabilities

6 known vulnerabilities affecting msrc/microsoft_defender_for_endpoint_for_linux.

Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 3

Vulnerabilities

CVE-2026-21537 | HIGH | CVSS 8.8 | 2026-02-10
CVE-2026-21537 [HIGH] CWE-94 Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability. Description: Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. FAQ: According to the CVSS metric, the attack vector is local (AV:A). What does that mean for this vulnerability? An attacke
msrc
CVE-2025-59497 | HIGH | CVSS 7.0 | 2025-10-14
CVE-2025-59497 [HIGH] CWE-367 Microsoft Defender for Linux Denial of Service Vulnerability. Description: Time-of-check time-of-use (TOCTOU) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a rac
msrc
CVE-2025-47161 | HIGH | CVSS 7.8 | PoC | 2025-05-13
CVE-2025-47161 [HIGH] CWE-284 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability. Description: Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. FAQ: How can I verify that the update is installed? Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows dev
msrc
CVE-2025-26684 | MEDIUM | CVSS 6.7 | 2025-05-13
CVE-2025-26684 [MEDIUM] CWE-73 Microsoft Defender Elevation of Privilege Vulnerability. Description: External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. FAQ: How can I verify that the update is installed? Customers wanting to ensure the client has been updated can run the MDE Client Analyzer on the device. When running the analyzer on a Windows device that do
msrc
CVE-2024-43614 | MEDIUM | CVSS 5.5 | 2024-10-08
CVE-2024-43614 [MEDIUM] CWE-23 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability. Description: Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. Microsoft Defender for Endpoint: Microsoft Defender for Endpoint. Microsoft: Microsoft. Customer Action Required: Yes. Impact: Spoofing. Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Re
msrc
CVE-2022-33637 | MEDIUM | CVSS 6.5 | 2022-07-12
CVE-2022-33637 [MEDIUM] Microsoft Defender for Endpoint Tampering Vulnerability. FAQ: What is the nature of this vulnerability? This is a client-side code vulnerability consisting of the usage of uninitialized buffer in the buffer pool by the MDE sensor on Linux systems. This affects the IP field, causing any remote connection, including failed connections, to be considered as ‘Successful remote logon’. This, in turn, triggers a false-posit
msrc