CVE-2023-2493414.04.2023, 22:15Microsoft Defender Security Feature Bypass VulnerabilityEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.2 MEDIUMLOCALLOWNONECVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NmicrosoftCNA6.2 MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:CCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 75%VendorProductVersionmicrosoftmalware_protection_platform𝑥< 4.18.2303.8𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-306 - Missing Authentication for Critical FunctionThe product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Referenceshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24934