VULNERABILITY OVERVIEW
A heap-based buffer overflow in the Microsoft Malware Protection Engine allows an unauthenticated remote attacker to execute arbitrary code over a network without user interaction. The fix shipped in the same out-of-band engine update (v1.1.26040.8) as CVE-2026-41091. In-the-wild exploitation of this vulnerability has not yet been confirmed, but it shares the same affected engine version as the actively exploited RedSun/UnDefend chain. Defender's automatic update mechanism delivers the fix to connected endpoints, but organizations should verify fleet-wide update status.
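One way to run that fleet-wide check, as an added example that is not from Microsoft or the original page: it reads the engine version with `Get-MpComputerStatus` and classifies it against the fixed build above and the last affected build listed under AFFECTED VERSIONS. The function names and `hosts.txt` are hypothetical, and remote collection assumes PowerShell remoting (WinRM) is enabled on the endpoints.

```powershell
# Added example. The two versions below are the builds named on this page.
$FixedEngine        = [version]'1.1.26040.8'      # engine update carrying the fix
$LastAffectedEngine = [version]'1.1.26030.3008'   # last affected engine build

function Get-EngineStatus {
    param([string]$EngineVersion)
    $v = $null
    # Compare as [version] (numeric, field by field). As strings, '1.1.9.0'
    # would sort above '1.1.26040.8' and be misreported as patched.
    if (-not [version]::TryParse($EngineVersion, [ref]$v)) { return 'Unparseable' }
    if ($v -ge $FixedEngine)        { return 'Patched' }
    if ($v -le $LastAffectedEngine) { return 'Vulnerable' }
    return 'Unlisted'   # between the two builds the page names: review manually
}

function Get-DefenderEngineReport {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $s = Get-MpComputerStatus -ErrorAction Stop
            } else {
                # Assumption: WinRM remoting is enabled on the target host.
                $s = Invoke-Command -ComputerName $name -ErrorAction Stop `
                         -ScriptBlock { Get-MpComputerStatus }
            }
            [pscustomobject]@{
                Computer = $name
                Engine   = $s.AMEngineVersion
                Status   = Get-EngineStatus $s.AMEngineVersion
            }
        } catch {
            # Offline hosts never received the automatic update; track them separately.
            [pscustomobject]@{ Computer = $name; Engine = $null; Status = 'Unreachable' }
        }
    }
}

# Constructed sample versions: shows the classification without touching any host.
'1.1.26040.8', '1.1.26030.3008', '1.1.9.0', '1.1.26035.1', 'n/a' | ForEach-Object {
    '{0,-16} {1}' -f $_, (Get-EngineStatus $_)
}

# Fleet run (hosts.txt is a hypothetical one-hostname-per-line inventory file):
# Get-DefenderEngineReport -ComputerName (Get-Content .\hosts.txt) |
#     Where-Object Status -ne 'Patched'
```

Hosts reported as `Unreachable` or `Unlisted` need follow-up as much as `Vulnerable` ones, since the automatic update only reaches connected endpoints.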
CVSS BREAKDOWN
- Attack Vector: NETWORK
- Attack Complexity: HIGH
- Privileges Required: NONE
- User Interaction: NONE
- Scope / Impact: UNCHANGED / C:H · I:H · A:H
AFFECTED VERSIONS
Microsoft Malware Protection Engine v1.1.26030.3008 and earlier
CITATIONS
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584
- https://www.techtimes.com/articles/316957/20260521/microsoft-defender-zero-days-patched-redsun-undefend-exploits-already-used-live-intrusions.htm
- https://www.helpnetsecurity.com/2026/05/21/microsoft-defender-vulnerabilities-cve-2026-41091-cve-2026-45498/