
Critical Microsoft Defender Flaws Let Attackers Bypass Security and Upload Malware

Vulnerabilities in Microsoft Defender allow hackers to bypass security, posing serious post-breach risks despite being deemed low-severity.
Content Team

Security researchers at InfoGuard Labs discovered serious vulnerabilities in Microsoft Defender for Endpoint that allow attackers to bypass authentication and manipulate security responses. The flaws let hackers intercept commands between Defender agents and Microsoft's cloud services using easily obtainable machine and tenant IDs from the Windows registry.

Attackers can spoof isolation commands, making infected devices appear secured in Microsoft's portal while remaining compromised. They can also upload malicious files to investigation packages, potentially tricking security analysts into executing malware during incident reviews.

The flaws were reported to Microsoft in July 2025. The company classified them as low-severity issues, and no fixes had been confirmed as of October 2025, despite researchers arguing they pose significant post-breach risks.

Source: Cybersecurity News
