<< Back
CVE Number Vulnerability Product Severity Date
CVE-2024-21322 Microsoft Defender for IoT Remote Code Execution Vulnerability Microsoft Defender Critical 23-04-2024

Technical Information

An authenticated attacker with necessary permissions to initiate the update process may send a malicious tar update package to the Defender for IoT over the network and after the extraction is complete, attacker may send unsigned update packages and overwrite any file they chose.

Patch release date: Apr 09, 2024
Further information on this vulnerability is available at : CVE-2024-21322

All the mentioned vulnerabilities are reported in Microsoft Defender and may have a similar impact.

CVE-2024-21323:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-21323

CVE-2024-29053:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29053

Affected Software

Microsoft Defender for IoT