event-4946
About this tag
This tag covers discussions about event ID 4946, a Windows security audit event generated when the Windows Defender Firewall service (MpsSvc) undergoes a configuration change. In the context of CVE-2025-54104, a type-confusion elevation of privilege vulnerability in the same service, event 4946 may appear during exploitation or mitigation attempts. The tag includes technical analysis of the vulnerability, its impact on enterprise IT security, and troubleshooting steps for administrators monitoring firewall changes. Recurring themes include Windows Defender Firewall, privilege escalation, memory safety bugs, and security update guidance from Microsoft.
Microsoft’s Security Update Guide records CVE-2025-54104 as an elevation of privilege vulnerability in the Windows Defender Firewall Service caused by an “access of resource using incompatible type (‘type confusion’)” — in short, a type‑confusion bug in a privileged service that an authorized...