CVE-2021-1647
Published: 12 January 2021
Summary
CVE-2021-1647 is a high-severity vulnerability (weakness type unspecified) in Microsoft System Center Endpoint Protection. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 1.1% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).
Deeper analysis
Microsoft Defender contains a remote code execution vulnerability affecting the Microsoft Defender component on Windows systems. The flaw carries a CVSS 3.1 base score of 7.8 and is characterized by a local attack vector, low attack complexity, low privileges required, and no user interaction, resulting in high impact to confidentiality, integrity, and availability.
An attacker with local access and limited privileges can exploit the vulnerability to execute arbitrary code, enabling full control over the affected system including reading sensitive data, modifying files, and disrupting operations.
Microsoft security advisories at the listed MSRC URLs describe available patches that address the issue, while the CISA Known Exploited Vulnerabilities catalog confirms active exploitation of CVE-2021-1647 in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7114
Vulnerability details
Microsoft Defender Remote Code Execution Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely application of the vendor patches Microsoft released to eliminate the RCE flaw in Defender.
- AC-6 (Least Privilege): enforces least-privilege execution so that even a local attacker starts with minimal rights, reducing the chance that exploitation yields full control.
- Continuous monitoring of Defender processes and of anomalous local code-execution behavior that would indicate exploitation of CVE-2021-1647.