Microsoft Windows Defender
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows Defender.
Recent Microsoft Windows Defender Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-26678 | CVE-2025-26678 Windows Defender Application Control Security Feature Bypass Vulnerability | April 8, 2025 |
| CVE-2024-49071 | CVE-2024-49071 Windows Defender Information Disclosure Vulnerability | December 12, 2024 |
| CVE-2024-43645 | CVE-2024-43645 Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability | November 12, 2024 |
| CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | April 9, 2024 |
| CVE-2023-36422 | Microsoft Windows Defender Elevation of Privilege Vulnerability | November 14, 2023 |
| CVE-2023-38163 | Windows Defender Attack Surface Reduction Security Feature Bypass | September 12, 2023 |
| CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | August 8, 2023 |
| CVE-2022-37971 | Microsoft Windows Defender Elevation of Privilege Vulnerability | October 11, 2022 |
| CVE-2022-35822 | Windows Defender Credential Guard Security Feature Bypass Vulnerability | August 15, 2022 |
| CVE-2022-34711 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | August 15, 2022 |
By the Year
In 2025 there have been 0 vulnerabilities in Microsoft Windows Defender. Last year, in 2024 Windows Defender had 1 security vulnerability published. Right now, Windows Defender is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 1 | 6.50 |
| 2023 | 2 | 7.80 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.80 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Windows Defender vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Defender Security Vulnerabilities
Windows Defender: Improper Authorization in Global Files Search Index
CVE-2024-49071
6.5 - Medium
- December 12, 2024
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
Improper Authorization of Index Containing Sensitive Information
Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-36422
7.8 - High
- November 14, 2023
Microsoft Windows Defender Elevation of Privilege Vulnerability
Microsoft Windows Defender Elevation of Privilege Vulnerability
CVE-2023-38175
7.8 - High
- August 08, 2023
Microsoft Windows Defender Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links
CVE-2020-0835
7.8 - High
- April 15, 2020
An elevation of privilege vulnerability exists when Windows Defender antimalware platform improperly handles hard links, aka 'Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability'.
Improper Privilege Management
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly s
CVE-2017-8540
7.8 - High
- May 26, 2017
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Exchange Server or by Microsoft? Click the Watch button to subscribe.
