CVE-2022-23278

EUVD-2022-28364
Microsoft Defender for Endpoint Spoofing Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
microsoftCNA
5.9 MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
Affected Products (NVD)
VendorProductVersion
microsoftdefender_for_endpoint_edr_sensor
𝑥
< 10.8047.22439.1056
microsoftdefender_for_endpoint
-
microsoftdefender_for_endpoint
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
1809 (arm64, x64, x86)
KB5011503
1909 (arm64, x64, x86)
KB5011485
20H2 (arm64, x86)
KB5011487
21H1 (arm64, x64, x86)
KB5011487
21H2 (arm64, x64, x86)
KB5011487
Windows 11
21H2 (arm64, x64)
KB5011493
Windows Server
20H2 Server Core
KB5011487
Windows Server 2019
Server Core
KB5011503
Standard
KB5011503
Windows Server 2022
Azure
KB5011580
Server Core
KB5011497
Standard
KB5011497
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278