I'm curious about how everyone using Microsoft Defender is dealing with the recent CVE vulnerabilities. Specifically, I've heard that some organizations have opted to remove Defender entirely. Has anyone else taken similar steps, and what strategies are you employing to manage the situation?
5 Answers
Honestly, we don’t even use Defender, so it hasn’t affected us at all. But if I were in your shoes, I’d be pretty frustrated with Microsoft for handling it this way! They really dropped the ball creating this zero-day issue.
I’d say just patch it. What’s the big deal? Am I missing something here?
There are two unpatched CVEs: RedSun and Undefend, which are sitting at a severity of 7.8.
Our team disabled Defender. I wonder what alternative vendors folks are considering?
I’ve heard that CrowdStrike is pretty reliable, but you never know!
By definition, it can’t be exploited without Defender triggering an incident. But tell me you're responding to these incidents, right?
It seems the exploit could trick Defender into thinking a safe file is vulnerable and potentially allow escalation.
Nothing much for me. Ignoring it helps me sleep better at night.

I can't believe it, if that's what really happened—so messed up!