Cyber Resilience

CVE-2022-23278

Medium

Published: 09 March 2022
Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0321 (87.3th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-23278 is a medium-severity vulnerability of an unspecified weakness class in Microsoft Windows 10. Its CVSS base score is 5.9 (Medium).

Operationally, it ranks in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2022-23278 is a spoofing vulnerability affecting Microsoft Defender for Endpoint. It carries a CVSS 3.1 base score of 5.9 with a network attack vector, high attack complexity, no required privileges or user interaction, and high integrity impact without affecting confidentiality or availability.

An unauthenticated remote attacker can exploit the flaw over the network to spoof data or responses processed by Defender for Endpoint, thereby achieving unauthorized integrity changes such as falsified security telemetry or detections.

Microsoft Security Response Center advisories at the referenced URL direct administrators to apply the vendor-supplied updates that address the issue in supported versions of the product.

EPSS for the CVE rose from low values after disclosure to a peak of 0.0553 on 2025-01-22 before receding to the current 0.0321, indicating that exploitation interest emerged well after the original publication date.

EU & UK References

Vulnerability details

Microsoft Defender for Endpoint Spoofing Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft · defender for endpoint edr sensor · ≤ 10.8047.22439.1056
microsoft · defender for endpoint · all versions

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References