Microsoft Defender for Endpoint Spoofing

Microsoft has flagged a spoofing vulnerability found in Microsoft Defender for Endpoint that allows attackers to spoof information between clients and the service.

The vulnerability, CVE-2022-23278, impacts all of the tech giant’s platforms, it claimed in a blog post on the Microsoft Security Response Center.

“Cyber criminals are looking for any opening to tamper with security protections in order to blind, confuse, or often shut off customer defenses,Microsoft continuously works to defeat these methods to help our customers protect their environment and gain visibility when attacks occur, both through our own research and in partnership with the security community.With our March security update release, we are further hardening Microsoft Defender for Endpoint by addressing the ability for attackers to spoof information between the client and the service. This vulnerability impacts all platforms and the updates we have released should be deployed just like any other security update.”

That security update includes a fix for various iterations of Defender for Endpoint, including Windows 11, 10 and 8.1, as well as Windows Server 2012, 2016, 2019, 2022 and 20H2.

The fix should already be applied for users with automatic updates turned on, Microsoft claimed, and users with this option turned off should turn it back on in order to address the issue.

The tech giant also said it was not aware of any attacks using the exploit, but added that customers should still be on the lookout for suspicious client communication as it could be either caused by device spoofing or misconfigured devices.