Spoofing attack in Microsoft products - CVE-2022-23278
Published: March 8, 2022
Vulnerability identifier: #VU61126
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-23278
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Defender for Endpoint for Windows
Defender for Endpoint for macOS
Defender for Endpoint for Android
Defender for Endpoint for Windows
Defender for Endpoint for macOS
Defender for Endpoint for Android
Detailed vulnerability description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Microsoft Defender for Endpoint. A remote attacker can spoof page content.
How to mitigate CVE-2022-23278
Install updates from vendor's website.