CVE-2024-49057: Microsoft Defender for Endpoint on Android Spoofing Vulnerability

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Dec

Released

2024-12-10

EPSS Score

2.94% (percentile: 86.5%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user must install and use a specially-crafted malicious application on their Android device.

Affected Products (1)

System Center

• Microsoft Defender for Endpoint for Android

Acknowledgments

<a href="https://linkedin.com/in/valsamaras">Dimitrios Valsamaras</a> with <a href="https://www.microsoft.com/">Microsoft</a>

Revision History

• 2024-12-10: Information published.