CVE-2026-33825

HIGH

Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/14/2026Modified: 4/23/2026

Related Intelligence (5)

CRITICALZero DayPOC

Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself

Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling o

CVE-2026-33825
CSO Online
CRITICALZero DayPOC

Another Microsoft Defender privilege escalation bug emerges days after patch

Days after Microsoft patched a high-severity issue affecting its Windows Defender antivirus tool through April’s Patch Tuesday, researchers warn of another vulnerability that could enable SYSTEM privileges through local escalation. In a newly disclosed proof-of-concept (PoC) exploit, dubbed “RedSun,” GitHub user going by the name “Nightmare Eclipse” demonstrated how Microsoft Defender’s handling o

CVE-2026-33825
CSO Online
CRITICALRansomware

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams. “April’s threat landscape is defined by immediate, real-world exploitation rather than just theoretical v

CVE-2026-32201CVE-2025-49706
CSO Online
CRITICALZero Day

Patch Tuesday - April 2026

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday . Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are no

CVE-2026-32201CVE-2026-33825
Rapid7
CRITICALZero Day

Patch Tuesday, April 2026 Edition

Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Separately, Google Chrome fixed its fourth zero-day of 2026, and an emergency update for Adobe Reader nixes an actively exploited flaw that ca

CVE-2026-32201CVE-2026-33120
Krebs on Security

References (3)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825Vendor Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-33825US Government Resourcehttps://www.huntress.com/blog/nightmare-eclipse-intrusionThird Party Advisory