Vulnerability Management

Researchers uncover major flaws in Microsoft Defender

Microsoft Defender website.

Cyber Press reports that security researchers have identified multiple authentication flaws in Microsoft Defender for Endpoint's cloud communication infrastructure that could let attackers intercept commands, manipulate response actions, and inject false data.

The vulnerabilities stem from inadequate token validation in backend systems tied to Defender's MsSense.exe and SenseIR.exe components, allowing threat actors to bypass authentication by exploiting exposed machine and tenant IDs.

Researchers found that the platform's servers ignore authentication headers, enabling adversaries to intercept or block legitimate commands and even upload falsified telemetry or malicious files to Azure Blob storage. Similar weaknesses affect the /senseir/v1/actions/ endpoint, which handles Live Response operations, allowing attackers to forge isolation statuses and alter forensic data.

Although Microsoft reportedly rated the issues as low severity, experts warn that the flaws could severely disrupt incident response workflows. Security teams are urged to monitor for suspicious command activity, verify isolation states manually, and limit network access to trusted Defender endpoints.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds