COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-33825

CVE-2026-33825

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-22
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-33825
⌖ exploited in the wild shame 85/100 ransomwareexploited-in-wildprivilege-escalationunpatched

Microsoft Defender allows local privilege escalation via insufficient access control granularity, enabling ransomware-linked attackers to bypass security controls.

This critical vulnerability in Microsoft Defender permits authorized attackers to escalate privileges locally, undermining the security posture of DIB organizations relying on Defender for compliance. Because it is actively exploited and linked to ransomware, it poses an immediate threat to data integrity and confidentiality, requiring immediate patching and access control review.

Shame score — A critical, actively exploited vulnerability in a core security product that enables ransomware-linked privilege escalation.

Players implicated

Microsoft · vendorDefender · product

Description

Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.

Affected FedRAMP products 4 in the catalog

ProductProviderStatusMatch
Azure Commercial Cloud Microsoft Authorized vendor-exact · 0.90
Azure Government (includes Dynamics 365) Microsoft Authorized vendor-exact · 0.90
Microsoft Office 365 GCC High Microsoft In Process vendor-exact · 0.90
Office 365 Multi-Tenant & Supporting Services Microsoft Authorized vendor-exact · 0.90