Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication

JG · October 12, 2025, 7:09pm

Bhaelros · October 12, 2025, 10:15pm

machine ID and tenant ID. How can someone „easily“ get these if they don‘t have access to an enrolled device in the AAD forest?

Machkiel · October 13, 2025, 7:42am

I am not sure about the machine ID.

The tenant ID is often seen in user-facing URLs. It is not secret.

tiredMuppet · October 13, 2025, 9:24am

Is this only an issue if you use OneDrive cloud services, or any cloud service?

Bhaelros · October 13, 2025, 12:23pm

It is for MDfE, not for consumer version

Topic		Replies	Views
Zero-Day Clickjacking Vulnerabilities in Major Password Managers General software	69	4499	September 8, 2025
Are there identifiers on Windows running machines too like in ios and android? Questions software	0	350	April 23, 2023
End-to-End Encrypted Cloud Storage in the Wild A Broken Ecosystem (Sync, pCloud, Icedrive, Seafile, and Tresorit) General	7	1993	May 25, 2025
Parallels root privilege escalation patch circumvented in new public 0-day vulnerability General software	0	213	February 21, 2025
Confidential computing at 1Password \| 1Password General article	4	557	December 2, 2024