漏洞标题
Microsoft Defender提升权限漏洞
漏洞描述信息
在Microsoft Defender中的MpSigStub.exe程序允许在任意位置删除文件时,存在特权提升漏洞。要利用此漏洞,攻击者必须先登录系统,即“Microsoft Defender 特权提升漏洞”。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
漏洞类别
N/A
漏洞标题
Microsoft Defender Elevation of Privilege Vulnerability
漏洞描述信息
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted command that could exploit the vulnerability and delete protected files on an affected system once MpSigStub.exe ran again.
The update addresses the vulnerability and blocks the arbitrary deletion.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
多款Microsoft产品权限许可和访问控制问题漏洞
漏洞描述信息
Microsoft Forefront Endpoint Protection等都是美国微软(Microsoft)公司的产品。Microsoft Forefront Endpoint Protection是一套端点安全防护软件。Microsoft Security Essentials是一套免费的杀毒软件。Microsoft Windows Defender是一套Windows系统附带的防病毒软件。 多款Microsoft产品中存在权限许可和访问控制问题漏洞,该漏洞源于用于Defender的MpSigSt
CVSS信息
N/A
漏洞类别
权限许可和访问控制问题