Cyber Press reports that security researchers have identified multiple authentication flaws in Microsoft Defender for Endpoint's cloud communication infrastructure that could let attackers intercept commands, manipulate response actions, and inject false data.The vulnerabilities stem from inadequate token validation in backend systems tied to Defender's MsSense.exe and SenseIR.exe components, allowing threat actors to bypass authentication by exploiting exposed machine and tenant IDs.Researchers found that the platform's servers ignore authentication headers, enabling adversaries to intercept or block legitimate commands and even upload falsified telemetry or malicious files to Azure Blob storage. Similar weaknesses affect the /senseir/v1/actions/ endpoint, which handles Live Response operations, allowing attackers to forge isolation statuses and alter forensic data.Although Microsoft reportedly rated the issues as low severity, experts warn that the flaws could severely disrupt incident response workflows. Security teams are urged to monitor for suspicious command activity, verify isolation states manually, and limit network access to trusted Defender endpoints.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




