
MS Defender for Linux vuln

Wudang (BOFH)
Joined: Jun 30, 2003 | Messages: 19,049 | Location: People's Republic of South Yorkshire

Apparently a few businesses require people to run Microsoft Defender for Endpoint on Linux. It can be tricked into running arbitrary code as root. A fix has been issued but there's some interesting and worrying stuff here: https://social.treehouse.systems/@astraleureka/114519306742450562

Some issues: MS says the exploit needs to be run from an elevated process. Untrue, the bug reporter ran it as uid=99/nobody.

Quote
I have a feeling they barely ever have humans looking at this process anymore - it took weeks before they even tried to run the fully-reliable proof of concept I included. "[reproducing the issue ...] has proven more difficult than initially anticipated". (read: "we don't have any mdatp test environments available to us" or "the MSRC reviewers are contractors who are the equivalent of level 1 helpdesk techs", take your pick)

Maybe I'm just suspecting malice, but the CVSS score is a lot lower if they mark the vuln as requiring high privileges.
More: https://astr.al/notes/2024-11-28_mdatp_privesc