CVE-2022-23278
Published: 09 March 2022
Summary
CVE-2022-23278 is a medium-severity vulnerability of unspecified weakness type in Microsoft Windows 10. Its CVSS base score is 5.9 (Medium).
Operationally, it is ranked in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2022-23278 is a spoofing vulnerability affecting Microsoft Defender for Endpoint. It carries a CVSS 3.1 base score of 5.9 with a network attack vector, high attack complexity, no required privileges or user interaction, and high integrity impact without affecting confidentiality or availability.
An unauthenticated remote attacker can exploit the flaw over the network to spoof data or responses processed by Defender for Endpoint, thereby achieving unauthorized integrity changes such as falsified security telemetry or detections.
Microsoft Security Response Center advisories at the referenced URL direct administrators to apply the vendor-supplied updates that address the issue in supported versions of the product.
EPSS for the CVE rose from low values after disclosure to a peak of 0.0553 on 2025-01-22 before receding to the current 0.0321, indicating that exploitation interest emerged well after the original publication date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28364
Vulnerability details
Microsoft Defender for Endpoint Spoofing Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.