CVE-2022-23266: Microsoft Defender for IoT Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2022-Mar

Released

2022-03-08

EPSS Score

0.41% (percentile: 61.3%)

FAQ

What version of Microsoft Defender for IoT has the update that protects from this vulnerability? Version 22.1.2 and above. What is the action required to take the update? You need to update to the latest Microsoft Defender for IoT software version. See the Update the software version section of Manage the on-premises management console. What is Microsoft Defender for IoT? Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.

Affected Products (1)

System Center

• Microsoft Defender for IoT

Security Updates (1)

• Release Notes

Acknowledgments

Simon Zuckerbraun of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>

Revision History

• 2022-03-08: Information published.