CVE-2026-45498

CVE-2026-45498 is a denial-of-service vulnerability in the Microsoft Defender Antimalware Platform with a local attack vector (CVSS AV:L). Although it is listed in CISA KEV, the local vector means it is most likely being exploited within ransomware intrusions to disable endpoint protection, not for initial access.

Risk Level: LOW_RISK

CVSS Score: 4.0

Attack Vector: LOCAL

ATT&CK Tactic: Defense Impairment

ATT&CK Technique: T1687 - Exploitation for Defense Impairment

Deployment Risk: VERY_LOW

Ransomware: No

Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2026-05-20

Added to CISA KEV: 2026-05-20 (0 days between CVE publication and KEV listing)


πŸ” Web Intelligence (Kagi Β· 2026-06-04)

Summary

CVE-2026-45498 is a denial-of-service (DoS) vulnerability affecting the Microsoft Defender Antimalware Platform, classified as CWE-400 (uncontrolled resource consumption) [3]. This vulnerability allows an attacker to disrupt the operation of Microsoft Defender, effectively disabling its protective capabilities on an affected system [4]. It is a significant security concern because it targets the core security software responsible for endpoint protection, leaving systems vulnerable to further compromise while the service is incapacitated [2].

Exploitation

  • Active Exploitation: This vulnerability has been identified as a zero-day flaw and is currently being exploited in the wild [1] [5].
  • Threat Actors: It has been associated with the "UnDefend" campaign [2].
  • Tool Availability: There is no widespread public availability of exploit tools reported at this time, though the flaw is actively leveraged by attackers.
  • Prerequisites: The vulnerability requires the Microsoft Defender Antimalware Platform to be enabled on the target system; systems with Defender explicitly disabled are not exploitable [1].

Affected Products & Patches

  • Affected Versions: The vulnerability affects versions of the Microsoft Defender Antimalware Platform prior to 4.18.26040.7 [1].
  • Patch Availability: Microsoft has addressed this defect in the Microsoft Defender Antimalware Platform version 4.18.26040.7 [1].
  • Mitigations: The primary mitigation is to ensure that the Microsoft Defender Antimalware Platform is updated to the patched version. Systems where Microsoft Defender is completely disabled are not vulnerable [1].
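A local exposure check for the mitigation described above, added here as an example and not part of the original page or of any Microsoft tooling. It assumes the built-in Defender PowerShell module (Get-MpComputerStatus, Get-WinEvent), the fixed platform version 4.18.26040.7 quoted in this page, and Defender operational event ID 5001 ("Real-time protection is disabled") as one signal worth reviewing; the function and variable names are my own.

```powershell
# Added example (not from the page): audit a host's exposure to CVE-2026-45498.
# Assumes the built-in Defender module (Get-MpComputerStatus) and the fixed
# platform version quoted in the advisory above, 4.18.26040.7.
$FixedPlatform = [version]'4.18.26040.7'

function Test-Cve202645498Exposure {
    param([version]$Fixed = $FixedPlatform)

    $status = Get-MpComputerStatus -ErrorAction Stop
    # AMProductVersion is the Antimalware Platform version (not the engine or
    # signature version); the platform is what the fix updates.
    $platform = [version]$status.AMProductVersion

    # Per the advisory, a host with Defender disabled is not exploitable, but it
    # also has no endpoint protection, so that state is reported explicitly.
    $active = $status.AMServiceEnabled -and $status.AntivirusEnabled

    $verdict = if (-not $active) { 'DEFENDER_DISABLED' }
               elseif ($platform -lt $Fixed) { 'VULNERABLE' }
               else { 'PATCHED' }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PlatformVersion = $platform
        FixedVersion    = $Fixed
        DefenderActive  = $active
        RealTimeEnabled = $status.RealTimeProtectionEnabled
        Verdict         = $verdict
    }
}

# Detection angle: a DoS that takes protection down should leave traces in the
# Defender operational log. Event ID 5001 ("Real-time protection is disabled")
# is assumed here as one signal to review; the advisory names no event IDs.
function Get-RecentDefenderDisableEvents {
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

Test-Cve202645498Exposure | Format-List
Get-RecentDefenderDisableEvents | Format-Table -AutoSize
```

For fleet-wide use, run the two functions through Invoke-Command against a host list and collect the Verdict field.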

Impact

  • Access/Capability: Successful exploitation results in a denial-of-service state, causing the Microsoft Defender service to stop functioning as intended, which leads to a loss of real-time protection for the endpoint [3] [4].
  • Business Risk: For internet-facing or critical business deployments, this vulnerability poses a high risk because it can be used as a precursor to further attacks. By blinding the primary security software, an attacker creates a window of opportunity to deploy malware, ransomware, or other malicious payloads without interference from the endpoint protection platform [2].

Sources

  1. Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

    The second bug, tracked as CVE-2026-45498 (CVSS score of 4.0), is a denial-of-service (DoS) flaw. Microsoft addressed the two security defects in Microsoft Defender Antimalware Platform version 4.18.26040.7. According to the company, systems with Microsoft Defender disabled are not exploitable, even…

  2. UnDefend - CVE-2026-45498 - Microsoft Defender Denial of Service ...

    UnDefend (CVE-2026-45498) is a zero-day denial-of-service vulnerability affecting the Microsoft Defender Antimalware Platform.

  3. CVE-2026-45498 - Vulnerability Details - OpenCVE

    The CVE identifies a denial of service vulnerability in the Microsoft Defender Antimalware Platform. This flaw is classified as CWE-400, indicating uncontrolled resource consumption. The description is limited to this statement, without detailing how the vulnerability is triggered. It is inferred th…

  4. Microsoft Defender vulnerabilities exploited in the wild (CVE-2026 ...

    CVE-2026-45498 can cause a denial-of-service (DoS) state, i.e., it can be used to prevent Microsoft Defender from working as it should. Both ...

  5. Microsoft Defender Multiple Vulnerabilities

    Note: CVE-2026-45498 is being exploited in the wild. Microsoft Defender contains an unspecified vulnerability that allows for denial of service.