CVE-2026-45498
Microsoft · Defender
A denial-of-service vulnerability in the Microsoft Defender Antimalware Platform allows attackers to disrupt endpoint protection, creating a security blind spot.
Executive summary
This critical denial-of-service vulnerability in the Microsoft Defender Antimalware Platform is confirmed to be actively exploited in the wild and requires immediate remediation.
Vulnerability
This is an uncontrolled resource consumption vulnerability (CWE-400) that can be triggered by an unauthenticated attacker to cause a denial-of-service condition within the Antimalware Platform. By exhausting resources, the attacker can effectively disable the endpoint protection agent.
Business impact
With a CVSS score of 9.5, this vulnerability represents a severe threat to enterprise security. By successfully disabling the endpoint protection agent, an attacker creates a critical blind spot, allowing for subsequent malware deployment or unauthorized system access without interference from security controls. The inclusion of this CVE in the CISA KEV catalog confirms that this risk is currently being realized in live environments.
Remediation
Immediate Action: Update the Microsoft Antimalware Platform to version 4.18.26040.7 or later across all managed endpoints immediately.
Proactive Monitoring: Monitor endpoint health logs for signs of the Defender service unexpectedly terminating or failing to respond to scan requests.
Compensating Controls: Ensure that secondary security layers, such as network-based intrusion detection systems (IDS) and endpoint detection and response (EDR) telemetry, remain fully operational to detect potential follow-on attacks while the primary agent is being remediated.
Exploitation status
Public Exploit Available: Yes — a public proof-of-concept exists on GitHub.
Analyst recommendation
Given the active exploitation and the critical nature of the affected security software, organizations must prioritize patching this vulnerability immediately. Failure to update the Antimalware Platform leaves systems vulnerable to being blinded, facilitating further compromise.