{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-33825/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-33825"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","microsoft-defender","cve-2026-33825"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-33825 describes a privilege escalation vulnerability affecting Microsoft Defender. The vulnerability stems from insufficient granularity of access control, allowing an attacker with local access and some level of authorization to elevate their privileges on the system. The vulnerability was published on April 14, 2026. Successful exploitation of this vulnerability would allow an attacker to perform actions with higher privileges than intended, potentially leading to system compromise. Microsoft has released a patch, and defenders should apply it as soon as possible.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains initial local access to a system with Microsoft Defender installed. 
This may be achieved through existing credentials or exploitation of another vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a specific area within Microsoft Defender where access control is insufficiently granular.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request or input that exploits the identified access control weakness.\u003c/li\u003e\n\u003cli\u003eMicrosoft Defender processes the malicious request, failing to properly validate the attacker\u0026rsquo;s authorization level.\u003c/li\u003e\n\u003cli\u003eThe attacker gains elevated privileges within the context of Microsoft Defender.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the elevated privileges to modify Defender settings, policies, or configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the modified Defender configuration to execute arbitrary code with elevated privileges on the system.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves full system compromise, potentially leading to data theft, malware installation, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33825 allows an attacker to escalate privileges on a system running Microsoft Defender. This could allow the attacker to disable security features, install malware, steal sensitive data, or gain complete control of the affected system. 
Given the widespread deployment of Microsoft Defender, this vulnerability poses a significant risk to a large number of organizations and individuals.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the Microsoft patch for CVE-2026-33825 immediately to remediate the vulnerability (\u003ca href=\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825\"\u003ehttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for unusual processes spawned by Microsoft Defender processes (see Sigma rule below).\u003c/li\u003e\n\u003cli\u003eReview and harden Microsoft Defender\u0026rsquo;s configuration to ensure least privilege and prevent unauthorized modifications.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-15T12:00:00Z","date_published":"2026-04-15T12:00:00Z","id":"/briefs/2026-04-defender-privesc/","summary":"CVE-2026-33825 allows a locally authenticated attacker to escalate privileges in Microsoft Defender due to insufficient access control granularity.","title":"Microsoft Defender Privilege Escalation Vulnerability (CVE-2026-33825)","url":"https://feed.craftedsignal.io/briefs/2026-04-defender-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-33825","version":"https://jsonfeed.org/version/1.1"}