Description
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: 6.7% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from insufficient granularity in Microsoft Defender Antimalware Platform's access control, allowing an attacker with legitimate local access to elevate privileges to higher levels. The flaw, identified as CWE-1220, can enable unauthorized execution of actions that require elevated rights, potentially compromising the entire system. This local privilege escalation permits an attacker to modify configurations or install malware once the higher privileges are obtained.

Affected Systems

All installations of Microsoft Defender Antimalware Platform are affected unless they have already applied the security update referenced in the Microsoft Advisory. No other vendors or products were indicated as impacted in the CNA data.

Risk and Exploitability

The CVSS score of 7.8 classifies this as a high-impact vulnerability, and the EPSS score of 6% indicates a moderate probability of exploitation in the wild. It is listed in the CISA Known Exploited Vulnerabilities catalog, which confirms that exploitation has occurred. The likely attack vector is an authorized local user bypassing the platform’s granular access controls to elevate privileges. (Based on the description, it is inferred that the attacker must have local access to exploit this flaw.)

Generated by OpenCVE AI on June 18, 2026 at 09:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security update for Microsoft Defender Antimalware Platform that resolves CVE-2026-33825, as detailed in the Microsoft Security Advisory.
  • Restrict local user accounts from privileged access to the Defender Antimalware Platform, ensuring that only administrators or dedicated service accounts can perform high‑privilege actions.
  • Enable and monitor security event logging for privilege escalation attempts and review logs regularly for anomalous activity related to the Defender Antimalware Platform.

Generated by OpenCVE AI on June 18, 2026 at 09:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
References

Wed, 22 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-22T00:00:00+00:00', 'dueDate': '2026-05-06T00:00:00+00:00'}

Wed, 22 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
References

Mon, 20 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft defender Antimalware Platform
CPEs cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*
Vendors & Products Microsoft defender Antimalware Platform

Wed, 15 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows Defender Antimalware Platform
Vendors & Products Microsoft windows Defender Antimalware Platform

Wed, 15 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Title Microsoft Defender Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft microsoft Defender
Weaknesses CWE-1220
CPEs cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft microsoft Defender
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

Subscriptions

Microsoft Defender Antimalware Platform Microsoft Defender Windows Defender Antimalware Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-19T16:08:11.602Z

Reserved: 2026-03-24T00:52:01.352Z

Link: CVE-2026-33825

cve-icon Vulnrichment

Updated: 2026-04-15T09:08:59.756Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T18:17:35.100

Modified: 2026-06-17T10:38:09.690

Link: CVE-2026-33825

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T09:15:16Z

Weaknesses
  • CWE-1220

    Insufficient Granularity of Access Control