Apr 2026: Microsoft Defender Elevation of Privilege Vulnerability
CVE-2026-33825 Published on April 14, 2026
Microsoft Defender Elevation of Privilege Vulnerability
Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Known Exploited Vulnerability
This Microsoft Defender Insufficient Granularity of Access Control Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
The following remediation steps are recommended / required by May 6, 2026: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Insufficient Granularity of Access Control
The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Products Associated with CVE-2026-33825
Affected Versions
Microsoft Defender Antimalware Platform: versions starting at 4.0.0.0 and below 4.18.26030.3011 are affected.