I. What Actually Happened

On May 20, 2026, Microsoft acknowledged two actively exploited vulnerabilities in Microsoft Defender and disclosed them publicly. The same day, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both to its Known Exploited Vulnerabilities (KEV) catalog under Binding Operational Directive (BOD) 22-01, setting a remediation deadline of June 3, 2026 for federal agencies.

Both vulnerabilities affect widely deployed components of Defender: the Malware Protection Engine (the scanning core) and the Antimalware Platform (MsMpEng.exe, which manages real-time protection). Because Defender ships pre-installed and enabled by default on over a billion Windows devices, the blast radius of these flaws is unusually broad.

Security researchers have connected these CVEs to two exploit frameworks — codenamed RedSun and UnDefend — published on GitHub last month by a researcher using the handle Nightmare Eclipse (also known as Chaotic Eclipse). Microsoft has not formally confirmed the connection in its advisories, but the vulnerability descriptions align closely.

II. CVE-2026-41091: Privilege Escalation via Link-Following

CVE-2026-41091 is an Elevation of Privilege (EoP) vulnerability in the Microsoft Malware Protection Engine — the component responsible for scanning files. The root cause is improper link resolution before file access, a class of bug often called a “link-following” or symlink vulnerability.

When Defender’s engine follows a symbolic link or directory junction during a scan operation without adequately validating the target, an attacker who already holds a local foothold on the machine can craft a malicious link. By doing so, they can trick the engine into accessing or modifying a file path it should not touch — and because the engine itself runs with elevated privileges, this can result in the attacker escalating to SYSTEM-level privileges.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” — Microsoft Security Advisory

The vulnerability carries a CVSS 3.1 base score of 7.8 (HIGH). Affected builds of the Malware Protection Engine run from version 1.1.26030.3008 up to (but not including) the patched version 1.1.26040.8. Initial access remains a prerequisite — an attacker needs an existing foothold obtained through phishing, a malicious download, or a compromised remote desktop session before this vulnerability can be chained for privilege escalation.

⚠ Accuracy Note

Some circulating reports have characterized CVE-2026-41091 as a “WdFilter.sys IOCTL kernel driver exploit” or described it as enabling arbitrary address writes via ROP chains. This is not confirmed by Microsoft’s advisory or independent researchers. The officially described root cause is improper link resolution (symlink following) in the Malware Protection Engine — a separate, though serious, vulnerability class.

III. CVE-2026-45498: Denial of Service Against the Antimalware Platform

CVE-2026-45498 targets MsMpEng.exe — the Antimalware Service Executable that manages Defender’s real-time scanning and protection services. It is classified as a Denial of Service (DoS) vulnerability with a network-based attack vector, meaning it can be triggered remotely without requiring local access to the target machine.

A successful exploit crashes or disables the Antimalware Platform’s scanning capability, opening a window during which other malicious payloads can execute without real-time inspection. While the standalone CVSS score of 4.0 (MEDIUM) may appear modest, CISA treated the flaw as high-priority because a remotely exploitable denial-of-service condition in a security product that is on by default is a serious force-multiplier for follow-on attacks.

The unusually tight remediation window — 14 days from disclosure to the June 3 deadline, shorter than CISA’s typical 21-day minimum — reflects this assessment.

⚠ Accuracy Note

CVE-2026-45498 is a Denial of Service vulnerability, not an “AMSI Provider forgery” attack. Its CVSS score is 4.0 (MEDIUM), not 7.8 as some reports have stated. The AMSI-based attack narrative may be speculative or derived from a separate, unconfirmed research scenario.

IV. The BlueHammer Connection

A third Defender-adjacent flaw, CVE-2026-33825 (nicknamed BlueHammer), was separately added to CISA’s KEV catalog in late April 2026 after being reported by researchers Zen Dodd and Yuanpei Xu. Some security researchers have speculated that all three CVEs could be chained in succession, with BlueHammer providing initial kernel-level access that subsequent exploits build upon.

While the theoretical combination is technically plausible, no public incident response report or Microsoft advisory has confirmed a chained three-vulnerability attack in the wild. Organizations should treat each CVE on its own merits and patch accordingly — the possibility of chaining is reason for urgency, not a confirmed attack methodology.

V. Scope and Affected Systems

Confirmed Scope
  • Product: Microsoft Defender Antivirus — Malware Protection Engine & Antimalware Platform
  • Affected engine builds: 1.1.26030.3008 and earlier (fixed in 1.1.26040.8)
  • Operating systems: Windows 10, Windows 11 (all supported editions), Windows Server 2016 / 2019 / 2022
  • Local access required for CVE-2026-41091: Yes — attacker must hold an existing foothold
  • Remote trigger possible for CVE-2026-45498: Yes — network attack vector
  • Exploitation in the wild: Confirmed by both Microsoft and CISA
  • Patch delivery: Automatic via Windows Update / Defender signature updates for most systems

VI. Remediation and Defense Guidance

Microsoft released patches for both CVEs in the May 2026 security update cycle. For most consumer and enterprise machines with automatic updates enabled, the Malware Protection Engine will have already been updated to version 1.1.26040.8 or later. However, organizations should actively verify rather than assume.

Layer / Recommended Action
  • Patch first: Install the Microsoft May 2026 cumulative security update. Verify that the Defender engine version is ≥ 1.1.26040.8 via Get-MpComputerStatus in PowerShell.
  • Inventory gaps: Prioritize managed servers, offline or air-gapped systems, privileged workstations, and devices with deferred update policies that may not have received automatic engine updates.
  • Monitor for EoP signals: Alert on unexpected privilege escalation to SYSTEM from low-privilege processes, particularly those interacting with Defender services.
  • Watch Defender health: Establish a baseline for MsMpEng.exe behavior and generate SIEM alerts if real-time protection unexpectedly goes offline or the service stops.
  • Hypervisor isolation: Enable Hypervisor-Protected Code Integrity (HVCI) / Memory Integrity where feasible, as it raises the bar for kernel-level exploitation.
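A PowerShell check that covers the “Patch first” and “Watch Defender health” layers above, written as an added example here rather than code from Microsoft or the advisory. It assumes the patched engine build 1.1.26040.8 quoted in this article, and it assumes the standard Defender Operational log event IDs 5001/5010/5012 (protection or scanning disabled) and Service Control Manager event 7036 (service state change), none of which the article itself lists.

```powershell
# Added example: verify the Defender engine build and real-time protection state,
# then count recent "protection disabled" / "service stopped" events that belong
# in a SIEM alert. Assumptions: patched build 1.1.26040.8 (from the article);
# event IDs 5001/5010/5012 and 7036 are standard Windows values, not from the article.
$PatchedEngine = [version]'1.1.26040.8'
$LookbackHours = 24

$status = Get-MpComputerStatus
# AMEngineVersion can be empty when Defender is passive or replaced by another AV.
$engine = if ($status.AMEngineVersion) { [version]$status.AMEngineVersion } else { [version]'0.0' }

$findings = [ordered]@{
    EngineVersion      = $engine.ToString()
    EnginePatched      = ($engine -ge $PatchedEngine)
    PlatformVersion    = $status.AMProductVersion
    ServiceEnabled     = $status.AMServiceEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    TamperProtection   = $status.IsTamperProtected
}

# MsMpEng.exe is hosted by the WinDefend service; confirm it is actually running.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
$findings.ServiceState = if ($svc) { $svc.Status.ToString() } else { 'NotFound' }

$since = (Get-Date).AddHours(-$LookbackHours)
# Defender Operational log: 5001 = real-time protection disabled,
# 5010 = malware scanning disabled, 5012 = virus scanning disabled.
$disableEvents = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5010, 5012
    StartTime = $since
}
# System log: Service Control Manager 7036 records the antivirus service stopping.
$serviceEvents = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7036; StartTime = $since
} | Where-Object { $_.Message -match 'Defender Antivirus Service.*stopped' }

$findings.ProtectionDisabledEvents = @($disableEvents).Count
$findings.ServiceStoppedEvents     = @($serviceEvents).Count

# Any one of these is an alert condition for the "Watch Defender health" layer.
$findings.NeedsAttention = ((-not $findings.EnginePatched) -or
                            (-not $findings.RealTimeProtection) -or
                            ($findings.ServiceState -ne 'Running') -or
                            ($findings.ProtectionDisabledEvents -gt 0) -or
                            ($findings.ServiceStoppedEvents -gt 0))

[pscustomobject]$findings | Format-List
```

Run it from an elevated session on each host in the inventory; NeedsAttention = True flags a machine that is either still on a pre-patch engine or whose protection has been interrupted in the lookback window.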

Federal agencies under BOD 22-01 must demonstrate remediation of both CVEs by June 3, 2026. Private sector organizations should treat the same deadline as a strong target given confirmed active exploitation.

VII. What This Incident Reveals

Beyond the immediate patching imperative, this pair of vulnerabilities illustrates a recurring structural challenge: security software itself is a high-value attack surface. The Malware Protection Engine and the Antimalware Platform run with elevated permissions precisely because their job requires deep system access — and that elevated trust makes them attractive targets. When an EDR product or antivirus component is compromised or silenced, every protection layer that depends on it fails simultaneously.

The lesson is not that Defender is uniquely flawed, but that no single security layer should be treated as an infallible foundation. Defense in depth — hypervisor-based integrity checks, network monitoring, behavior analytics that operate independently of host-based agents — provides resilience when any one component is attacked.