Description
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Published: 2026-04-14
Score: 7.8 High
EPSS: 4.9% Low
KEV: Yes
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from insufficient granularity in Microsoft Defender's access control, enabling an attacker with legitimate local access to elevate privileges to higher levels. This flaw, identified as CWE-1220, can lead to unauthorized execution of actions that require elevated rights, potentially compromising the entire system. The impact is local privilege escalation, permitting the attacker to exploit system resources, modify configuration, or install malware.

Affected Systems

All installations of Microsoft Defender Antimalware Platform, including Windows Defender, are affected unless they have already applied the security update referenced in the Microsoft Advisory. Developers should verify the Defender version and apply the latest update. The workaround is not specified by Microsoft.

Risk and Exploitability

The CVSS score of 7.8 marks this as a high impact vulnerability, while an EPSS score of 3% indicates a modest probability of exploitation in the wild. With this vulnerability listed in the CISA Known Exploited Vulnerabilities catalog, security teams should treat it as a confirmed threat. The attack requires an authorized local user and bypasses the platform’s granular access controls, allowing the attacker to elevate privileges. No public vulnerability exploitation string has been publicly disclosed beyond the advisory, but the KEV listing demonstrates that exploitation has already occurred.

Generated by OpenCVE AI on April 28, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Defender update from Microsoft Security Response Center or Windows Update.
  • Restrict local accounts to the minimum privileges required for their tasks and disable any unnecessary administrator accounts.
  • Enforce least privilege by configuring Defender permissions via Group Policy and auditing any changes to high‑privilege accounts.

Generated by OpenCVE AI on April 28, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
References

Wed, 22 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 22 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-22T00:00:00+00:00', 'dueDate': '2026-05-06T00:00:00+00:00'}

Wed, 22 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
References

Mon, 20 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft defender Antimalware Platform
CPEs cpe:2.3:a:microsoft:defender_antimalware_platform:*:*:*:*:*:*:*:*
Vendors & Products Microsoft defender Antimalware Platform

Wed, 15 Apr 2026 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows Defender Antimalware Platform
Vendors & Products Microsoft windows Defender Antimalware Platform

Wed, 15 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
Description Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Title Microsoft Defender Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft microsoft Defender
Weaknesses CWE-1220
CPEs cpe:2.3:a:microsoft:microsoft_defender:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft microsoft Defender
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C'}

Subscriptions

Microsoft Defender Antimalware Platform Microsoft Defender Windows Defender Antimalware Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-04-30T14:42:48.102Z

Reserved: 2026-03-24T00:52:01.352Z

Link: CVE-2026-33825

cve-icon Vulnrichment

Updated: 2026-04-15T09:08:59.756Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-14T18:17:35.100

Modified: 2026-04-23T17:26:30.713

Link: CVE-2026-33825

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T16:30:35Z

Weaknesses