Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild
Privilege escalation lets an attacker gain elevated access, which can enable data theft or system control; least privilege and patching limit impact.
Search across headline titles and summaries.
Background for this topic.
Privilege escalation is gaining access beyond the permissions assigned to an account, process, or service. Vertical escalation moves from a lower-privileged role to an administrator or system account; horizontal escalation accesses another user’s resources at a similar privilege level. Attack paths include software vulnerabilities, insecure authorization checks, exposed credentials, unsafe service configurations, and excessive permissions in operating systems, applications, cloud environments, or containers.
Successful escalation can let an attacker change security settings, access protected data, execute code as a trusted service, or establish control that survives an initial compromise. The most relevant defenses are least-privilege access, strong separation of administrative accounts, server-side authorization checks for every sensitive action, timely remediation of exploitable flaws, and review of permissions for users, services, and workloads. Logging privileged actions and unusual account or process behavior supports detection and helps determine whether a compromised low-privilege foothold reached higher-value systems.
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. [...]
Chainable Bugs Enable Credential Theft, Persistence, TakeoverFour chainable flaws in OpenClaw allowed attackers to move from an initial foothold to persistent system-level compromise by abusing the AI agent's own privileges. The bugs enabled credential theft, privilege escalation and backdoor deployment, affecting all versions released before April 23.
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE)
Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege escalation and identity abuse. [...]
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]