Exposures › CVE-2026-33825
Microsoft Defender allows local privilege escalation via insufficient access control granularity, enabling ransomware-linked attackers to bypass security controls.
This critical vulnerability in Microsoft Defender permits authorized attackers to escalate privileges locally, undermining the security posture of DIB organizations relying on Defender for compliance. Because it is actively exploited and linked to ransomware, it poses an immediate threat to data integrity and confidentiality, requiring immediate patching and access control review.
Shame score — A critical, actively exploited vulnerability in a core security product that enables ransomware-linked privilege escalation.
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
| Product | Provider | Status | Match |
|---|---|---|---|
| Azure Commercial Cloud | Microsoft | Authorized | vendor-exact · 0.90 |
| Azure Government (includes Dynamics 365) | Microsoft | Authorized | vendor-exact · 0.90 |
| Microsoft Office 365 GCC High | Microsoft | In Process | vendor-exact · 0.90 |
| Office 365 Multi-Tenant & Supporting Services | Microsoft | Authorized | vendor-exact · 0.90 |