CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access Control Vulnerability

Summary

Microsoft Defender has a vulnerability related to insufficient granularity of access control. This flaw could permit an authorized attacker to escalate privileges locally on a system. Federal agencies are required to apply mitigations by May 6, 2026, or discontinue using the product if mitigations are not available.

IFF Assessment

FOE

This vulnerability allows for privilege escalation, which is a significant threat to system security.

Severity

7.8 High

The vulnerability allows for local privilege escalation. An attacker who obtains administrator privileges through it could bypass security controls and gain full control of the system.

CISA KEV: Listed as actively exploited. Federal patch due: May 06, 2026. Known ransomware use: Unknown.

Defender Context

This vulnerability in Microsoft Defender highlights the importance of keeping security software updated and applying vendor-provided patches and mitigations promptly. Defenders should monitor for any signs of privilege escalation attempts and ensure robust access control mechanisms are in place even within security products themselves.
