Windows Defender Firewall Service Vulnerability

MEDIUM (5.5)

Threat Intelligence

Low Risk
EPSS Score: 0.06% chance of exploitation (percentile: 18%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

The Windows Defender Firewall Service is a component of the Windows operating system, responsible for managing network traffic and blocking unauthorized access. This vulnerability allows an authorized attacker to disclose information locally by exploiting an out-of-bounds read in the service's code.

Am I affected?

You're affected if you run the Windows Defender Firewall Service. Specific version info is not stated in the advisory.

How to fix

  1. Apply the security update KB5016628 from Microsoft's official website: https://support.microsoft.com/en-us/topic/windows-10-vulnerability-in-windows-defender-firewall-service-bf3c9b5e-a4a2-43d6-96ad-7d0d9dbdcaab
  2. Immediate mitigations:
     - Restrict network access to your Windows Defender Firewall Service instance (firewall it from the public internet)
     - Audit system logs for suspicious activity patterns

References