—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Privilege Escalation Vulnerability in Microsoft Defender

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Microsoft Defender Antimalware Platform version 4.18.26020.6 and below.

Overview

A vulnerability has been identified in Microsoft Defender which could allow an authenticated local attacker to gain elevated privileges on the targeted system.

Target Audience:

All end-user organizations and individuals using Microsoft Defender.

Risk Assessment:

High risk of privilege escalation, unauthorized administrative access, and potential system compromise.

Impact Assessment:

Elevation of privileges, unauthorized administrative access, and potential full SYSTEM-level compromise.

Description

Microsoft Defender is a security component of Microsoft Windows that provides protection against malware and other threats.

This vulnerability exists in Microsoft Defender due to insufficient granularity of access control. An authenticated local attacker could exploit this vulnerability by performing specially crafted operations on the targeted system.

Successful exploitation of this vulnerability could allow an authenticated local attacker to gain elevated privileges on the targeted system.

Solution

Users are advised to apply appropriate updates as provided by the vendor:

https://msrc.microsoft.com/update-guide

Vendor Information

Microsoft

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825

References

 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825

https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/

CVE Name

CVE-2026-33825

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmnjajAACgkQ3jCgcSdc

ys+zFhAApaCxNwBQefMK1dk2lQC5G6fFyZ0zhGaxaDosPWTwAsynh6OEYCIl9lW/

OSwqjBZsVhAXXStUey3HzzNd6VfVTaLiCe6mZKlipcSdp/vCgQuTfZVibEAZZgYr

uiAlBHmO+4ZRNUxhLgJgS9CK8HAtElcCTsnUL1sRSodGweAaR/G5dlQ0kLUkDMVJ

iGPDYf+mRWsaHLFMNpdSY2KyZMoIObFVt8Fq7GmpV14bHfbHNBh3rdhNU1xke0ey

MfrrkMC1hJqJ11gsefQgD/H8NmXtSfyXdyBCHljXC/IBvs6GHOy5aew5I2I/+Znp

WlGkU0U9+roadgyLdamUdyrT4yECQvGxN471WaxUnGlFngLs8N2Jro0xxQSwyOgV

NU3bkdLduxH5G2SYVItuKBevWb3189L8IWj5Ns77P8NBt51ytb5pqItNpCSf9WQO

Dr2hdx8pSfIeLlEmqr0uG0DHZxvG/B0ivx/19SAkSk5HQ4ASZ62naeTWYYvt0KtW

1mkMds0uoxbkMwU//kdIgwhAHRO3SclLmlrG7InM0vVkjNasu984sW8+flnuNOew

bvOJWgZBFJeYe/AhGX8dWgjGSoDDDugqXW04D2zJIMKBkI/V70JG58G65L8pe+gT

crR5eZ5MT2Xjh7GBfSqI7dCn08Rq65JK20oy05x60Ax4vOhiiFQ=

=nlgU

—–END PGP SIGNATURE—–