CVE-2025-26678: Windows Defender Application Control Security Feature Bypass Vulnerability

Overview

Severity

High (CVSS 8.4)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Security Feature Bypass

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2025-Apr

Released

2025-04-08

EPSS Score

0.60% (percentile: 69.5%)

Description

Improper access control in Windows Defender Application Control (WDAC) allows an unauthorized attacker to bypass a security feature locally.

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by launching any executable that is allowed to launch by a per process rule. Once that executable is validly launched by the correct process, any restrictions on the executable are lifted; and it can be executed outside of the correct process. This bypasses the application control policy entirely

Affected Products (21)

Windows

• Windows 10 Version 1809 for 32-bit Systems
• Windows 10 Version 1809 for x64-based Systems
• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows 10 Version 21H2 for 32-bit Systems
• Windows 10 Version 21H2 for ARM64-based Systems
• Windows 10 Version 21H2 for x64-based Systems
• Windows Server 2025 (Server Core installation)
• Windows 11 Version 23H2 for ARM64-based Systems
• Windows 11 Version 23H2 for x64-based Systems
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows 11 Version 24H2 for ARM64-based Systems
• Windows 11 Version 24H2 for x64-based Systems
• Windows Server 2025

ESU

• Windows 11 Version 22H2 for ARM64-based Systems
• Windows 11 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for x64-based Systems
• Windows 10 Version 22H2 for ARM64-based Systems
• Windows 10 Version 22H2 for 32-bit Systems

Security Updates (6)

• 5055519
• 5055526
• 5055518
• 5055528
• 5055523
• 5055527

Acknowledgments

Deven Bowers with Microsoft

Revision History

• 2025-04-08: Information published.