CVE-2024-21315

nvd nist

Published: Feb 13, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

Affected (12)

Products: Microsoft: Defender For Endpoint

Microsoft

1 product

Defender For Endpoint

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.25398.531

Running on/with	Platform Versions
Microsoft Windows Server 2022 23h2	All versions

Configuration B

2 platform

Running on/with	Platform Versions
Microsoft Windows 10 22h2	All versions
Microsoft Windows 10 22h2	All versions

Configuration C

2 platform

Running on/with	Platform Versions
Microsoft Windows 11 22h2	All versions
Microsoft Windows 11 23h2	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 6.3.9600.21813

Running on/with	Platform Versions
Microsoft Windows Server 2012	Version r2

Configuration E

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.14393.6452

Running on/with	Platform Versions
Microsoft Windows 10 1607	All versions
Microsoft Windows 10 1607	All versions
Microsoft Windows Server 2016	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 6.2.9200.24710

Running on/with	Platform Versions
Microsoft Windows Server 2012	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.19045.3693

Running on/with	Platform Versions
Microsoft Windows 10 22h2	All versions

Configuration H

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.22621.2715

Running on/with	Platform Versions
Microsoft Windows 11 22h2	All versions
Microsoft Windows 11 23h2	All versions

Configuration I

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.10240.20308

Running on/with	Platform Versions
Microsoft Windows 10 1507	All versions
Microsoft Windows 10 1507	All versions

Configuration J

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.19043.3693

Running on/with	Platform Versions
Microsoft Windows 10 21h2	All versions
Microsoft Windows 10 21h2	All versions
Microsoft Windows 10 21h2	All versions

Configuration K

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.22000.2600

Running on/with	Platform Versions
Microsoft Windows 11 21h2	All versions
Microsoft Windows 11 21h2	All versions

Configuration L

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 6.2.9200.24569

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.20348.2113

Running on/with	Platform Versions
Microsoft Windows Server 2022	All versions

Configuration N

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Microsoft Defender For Endpoint	Before 10.0.17763.5122

Running on/with	Platform Versions
Microsoft Windows 10 1809	All versions
Microsoft Windows 10 1809	All versions
Microsoft Windows 10 1809	All versions
Microsoft Windows Server 2019	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315

Source: secure@microsoft.com

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.