CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability

CVSS 7.8 HIGH | EPSS 39.7% | KEV
Vexday Risk Score
83 (Fix now)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.8 | EPSS 39.7% | KEV: yes | Public PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
12 Jan 2021: Published on NVD
23 Jan 2021: Public PoC
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A security flaw in Microsoft Defender allows an attacker to run malicious code on a computer without permission. This is dangerous because Defender is supposed to protect your system, not be a way for attackers to compromise it.

Technical detail

A remote code execution vulnerability in Microsoft Defender allows an attacker to execute arbitrary code with elevated privileges through a network vector or local exploitation path. The vulnerability requires specific preconditions but can lead to complete system compromise once the code is executed.

Summary generated and translated by AI from the official description.
Microsoft Defender Remote Code Execution Vulnerability
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
