Particle.news

Microsoft Issues Emergency Fixes for Two Actively Exploited Defender Flaws

CISA added the bugs to its Known Exploited Vulnerabilities catalog with a June 3 remediation deadline for federal agencies.

Overview

  • Microsoft began rolling out emergency platform updates on May 21 that deliver Malware Protection Engine v1.1.26040.8 and Defender Antimalware Platform v4.18.26040.7 to address CVE-2026-41091 and CVE-2026-45498.
  • CVE-2026-41091 is a link-following bug in the Malware Protection Engine that lets a local attacker elevate privileges to SYSTEM by abusing how Defender resolves links before file access.
  • CVE-2026-45498 is a denial-of-service flaw in the Antimalware Platform that can crash or disable Defender processes and so create windows for further malware activity.
  • The Antimalware Platform is shared by other Microsoft products, including System Center Endpoint Protection and Microsoft Security Essentials, which broadens enterprise exposure.
  • Public proof-of-concept exploits published in April, together with observed attacker use, have increased the urgency, so administrators should verify automatic Defender platform updates, confirm version numbers, and meet CISA's June 3 deadline under BOD 22-01.
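
One way to confirm the version numbers on a Windows host, as an added example that is not from Microsoft or the original article. It assumes the Defender PowerShell module (`Get-MpComputerStatus`) is present; the function name `Test-DefenderBuild` is hypothetical, and the two minimum versions are the ones quoted in the overview above.

```powershell
# Fixed builds as stated in the overview above.
$FixedEngine   = [version]'1.1.26040.8'   # Malware Protection Engine
$FixedPlatform = [version]'4.18.26040.7'  # Defender Antimalware Platform

# Hypothetical helper: compare reported versions with the fixed builds.
function Test-DefenderBuild {
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [Parameter(Mandatory)][string]$PlatformVersion
    )
    # [version] compares field by field, so 4.18.9.0 < 4.18.26040.7
    # (a plain string comparison would get that wrong).
    $engine   = [version]$EngineVersion
    $platform = [version]$PlatformVersion
    [pscustomobject]@{
        EngineVersion   = $engine
        EngineFixed     = $engine -ge $FixedEngine
        PlatformVersion = $platform
        PlatformFixed   = $platform -ge $FixedPlatform
    }
}

try {
    # AMEngineVersion is the engine build, AMProductVersion the platform build.
    $status = Get-MpComputerStatus -ErrorAction Stop
    $result = Test-DefenderBuild -EngineVersion $status.AMEngineVersion `
                                 -PlatformVersion $status.AMProductVersion
}
catch {
    # Covers a missing module, a stopped service, or an unparsable version.
    Write-Warning "Could not read Defender status: $($_.Exception.Message)"
    exit 2
}

$result | Format-List

# A stopped service is worth flagging on its own: a host can carry the
# fixed build and still have no running protection.
if (-not $status.AMServiceEnabled) {
    Write-Warning 'Defender antimalware service is not enabled on this host.'
}

if ($result.EngineFixed -and $result.PlatformFixed) {
    Write-Output 'Both components are at or above the fixed versions.'
    exit 0
}
Write-Warning 'At least one component is below the fixed version.'
exit 1
```

The exit codes (0 patched, 1 below the fixed version, 2 status unavailable) let a management tool aggregate results across a fleet.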