#VU61126 Spoofing attack in Microsoft products - CVE-2022-23278
Published: March 8, 2022
Vulnerability identifier: #VU61126
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-23278
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Defender for Endpoint for Windows
Defender for Endpoint for macOS
Defender for Endpoint for Android
Defender for Endpoint for Windows
Defender for Endpoint for macOS
Defender for Endpoint for Android
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Microsoft Defender for Endpoint. A remote attacker can spoof page content.
Remediation
Install updates from vendor's website.