- Description
- Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- CNA Tags
- exclusively-hosted-service
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-612
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
2/8 CVE-2024-49071 in @Windows Defender could expose sensitive data. Thankfully, it's been fixed server-side. #WindowsSecurity #DataProtection 🛡️
@Eth1calHackrZ
18 Dec 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49071 Debricked reported that there have been no known exploitations of the vulnerability, despite the attack complexity being low. An attacker would have required some degree of access to Windows Defender in order to have been able to exploit this vulnerability.
@thedeepintel
16 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-49071 Critical Windows Defender Security Vulnerability Vulnerability that impacted Windows Defender and could allow the improper authorization of an index containing sensitive information from a global files search would allow an attacker to disclose data over a network
@thedeepintel
16 Dec 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windows: id: CVE-2024-49071 sourceIdentifier: secure@microsoft.com published: 2024-12-12T19:15:09.387 vulnStatus: Awaiting Analysis BaseSeverity: MEDIUM baseScore: 6.5 https://t.co/YaX52JGUa0
@CVETracker
15 Dec 2024
125 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Date:2024-12-15 Windows: id: CVE-2024-49071 sourceIdentifier: secure@microsoft.com published: 2024-12-12T19:15:09.387 vulnStatus: Awaiting Analysis Version: 3.1 BaseSeverity: MEDIUM baseScore: 6.5
@CVETracker
15 Dec 2024
2 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Windows: id: CVE-2024-49071 sourceIdentifier: secure@microsoft.com published: 2024-12-12T19:15:09.387 vulnStatus: Awaiting Analysis Version: 3.1 BaseSeverity: MEDIUM baseScore: 6.5
@CVETracker
15 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Date:2024-12-15 Potential issue identified: Windows: id: CVE-2024-49071 sourceIdentifier: secure@microsoft.com published: 2024-12-12T19:15:09.387 vulnStatus: Awaiting Analysis
@CVETracker
15 Dec 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
By me @Forbes: Critical CVE-2024-49071 vulnerability allowed information leakage from Windows Defender. #infosec https://t.co/xaAwULmTjo
@happygeek
14 Dec 2024
285 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#securityupdate #microsoft #定例外 2024.12.12 Windows Defender Information Disclosure Vulnerability CVE-2024-49071 Security Vulnerability リリース日: 2024年12月12日 - マイクロソフト https://t.co/AhhkkeGy5x
@kawn2020
13 Dec 2024
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:defender_for_endpoint:-:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "B601F85E-E9AA-47B5-A2D7-AD6DC8C04C0D"
}
],
"operator": "OR"
}
]
}
]