CVE-2021-1647
Microsoft Defender Remote Code Execution Vulnerability
In short
A security flaw in Microsoft Defender allows an attacker to run malicious code on a computer without permission. This is dangerous because Defender is supposed to protect your system, not be a way for attackers to compromise it.
Technical detail
A remote code execution vulnerability in Microsoft Defender allows an attacker to execute arbitrary code with elevated privileges through a network vector or local exploitation path. The vulnerability requires specific preconditions but can lead to complete system compromise once the code is executed.
Summary generated and translated by AI from the official description.
Microsoft Defender Remote Code Execution Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Microsoft · Microsoft Security Essentials
Microsoft · Microsoft System Center 2012 Endpoint Protection
Microsoft · Microsoft System Center 2012 R2 Endpoint Protection
Microsoft · Microsoft System Center Endpoint Protection
Microsoft · Windows Defender
Public PoCs found: 1
GitHub: github.com/findcool/cve-2021-1647 (★ 1)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.