Wudang
BOFH
Apparently a few businesses require people to run Microsoft Defender for Endpoint on Linux . It can be tricked into running arbitrary code as root. A fix has been issued but there's some interesting and worrying stuff here https://social.treehouse.systems/@astraleureka/114519306742450562
Some issues: MS says the exploit needs to be run from an elevated process. Untrue, the bug reporter ran it as uid=99/nobody.
More: https://astr.al/notes/2024-11-28_mdatp_privesc
I have a feeling they barely ever have humans looking at this process anymore - it took weeks before they even tried to run the fully-reliable proof of concept I included. "[reproducing the issue ...] has proven more difficult than initially anticipated". (read: "we don't have any mdatp test environments available to us" or "the MSRC reviewers are contractors who are the equivalent of level 1 helpdesk techs", take your pick)
Maybe I'm just suspecting malice, but the CVSS score is a lot lower if they mark the vuln as requiring high privileges.