Description
Microsoft Defender for Endpoint Tampering Vulnerability
FAQ
What is the nature of this vulnerability?
This is a client-side code vulnerability in which the MDE sensor on Linux systems uses an uninitialized buffer from its buffer pool. This affects the IP field, causing any remote connection, including failed connections, to be considered a ‘Successful remote logon’. This, in turn, triggers a false-positive alert.
Which platforms are affected by this vulnerability?
All Linux machines are affected. The impact is more severe on servers which are under heavy network/login load.
How was the vulnerability addressed?
The fix enforced full initialization for each buffer before use.
What version of the product contains the update that addressed the vulnerability?
The fix is included in Defender version 101.68.80. Customers are advised to ensure their Defender client is the latest version.
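The bug class described in the FAQ, as an added example that is not Microsoft's code: a pooled record whose IP field survives reuse, next to an acquire routine that fully initializes each buffer. The struct layout, function names, the classification rule and the sample address are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical event record; names are assumptions, not the MDE sensor's layout. */
typedef struct {
    char remote_ip[46];   /* textual IPv4/IPv6 address, empty when not remote */
    int  logon_ok;        /* 1 = authentication succeeded */
    int  in_use;
} event_t;
#define POOL_SIZE 4
static event_t pool[POOL_SIZE];

/* Flawed acquire: returns a recycled slot with the previous event's fields intact. */
static event_t *acquire_unsafe(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; return &pool[i]; }
    return NULL;
}

/* Fixed acquire: every buffer is fully initialized before use. */
static event_t *acquire_safe(void) {
    event_t *e = acquire_unsafe();
    if (e) { memset(e, 0, sizeof *e); e->in_use = 1; }
    return e;
}
static void release(event_t *e) { e->in_use = 0; }   /* contents stay behind */

/* Producer that writes only the fields its input carries (ip may be NULL). */
static void fill(event_t *e, const char *ip, int ok) {
    if (ip) snprintf(e->remote_ip, sizeof e->remote_ip, "%s", ip);
    e->logon_ok = ok;
}

/* Assumed rule for illustration: a successful logon with an IP set is "remote". */
static int is_successful_remote_logon(const event_t *e) {
    return e->logon_ok && e->remote_ip[0] != '\0';
}

/* Constructed scenario: failed remote connection, then a local logon reusing the slot. */
static int scenario(event_t *(*acquire)(void)) {
    memset(pool, 0, sizeof pool);
    event_t *a = acquire(); fill(a, "203.0.113.7", 0); release(a);
    event_t *b = acquire(); fill(b, NULL, 1);
    int flagged = is_successful_remote_logon(b);
    release(b);
    return flagged;
}

int main(void) {
    printf("unsafe pool: %d, safe pool: %d\n", scenario(acquire_unsafe), scenario(acquire_safe));
}
```

With the flawed acquire, the second event inherits the address left by the first and is flagged; with the initializing acquire it is not.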
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Defender for Endpoint for Linux | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
CVSS3: 6.5 Medium
Related vulnerabilities
Microsoft Defender for Endpoint Tampering Vulnerability
Microsoft Defender for Endpoint Tampering Vulnerability.
Vulnerability in Microsoft Defender (Microsoft Defender for Endpoint) of the Microsoft Windows operating system that allows an attacker to elevate their privileges and execute arbitrary code