CVE-2023-24934: Microsoft Defender Security Feature Bypass Vulnerability

Overview

Severity

Medium (CVSS 6.2)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Apr

Released

2023-04-14

Last Updated

2023-04-27

EPSS Score

0.97% (percentile: 76.6%)

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass the Windows Defender detection with a specially crafted file. References Identification Last version of the Microsoft Malware Protection Platform affected by this vulnerability Version 4.18.2302.7 First version of the Microsoft Malware Protection Platform with this vulnerability addressed Version 4.18.2303.8 See Manage Updates Baselines Microsoft Defender Antivirus for more information. Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue? Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Platform. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Platform are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Platform updates and malware definitions, is working as expected in their environment. How often are the Microsoft Malware Protection Platform and malware definitions updated? Microsoft typically releases an update for the Microsoft Malware

Affected Products (1)

System Center

• Microsoft Malware Protection Platform

Acknowledgments

Tomer Bar and Omer Attias with <a href="https://safebreach.com/">SafeBreach</a>

Revision History

• 2023-04-14: Information published. This CVE was addressed by updates that were released in April 2023, but the CVE was inadvertently omitted from the April 2023 Security Updates. This is an informational change only. Customers who have already installed the April 2023 updates do not need to take any further action.
• 2023-04-18: Added FAQ information. This is an informational change only.
• 2023-04-19: Updated the products listed in the Security Updates table. This is an informational change only.
• 2023-04-27: Added an acknowledgement. This is an informational change only.