Ransomware extortionists are exploiting insufficient access controls in Microsoft Defender (CVE-2026-33825) to obtain SYSTEM privileges and fully compromise systems.
Ransomware gangs exploit a vulnerability in Microsoft Defender to gain access to the SAM database through insufficient access controls and obtain SYSTEM privileges.