CVE-2026-45584
Microsoft · Defender (Malware Protection Engine)
A heap-based buffer overflow in the Microsoft Malware Protection Engine allows an unauthorized attacker to execute arbitrary code over a network.
Executive summary
A heap-based buffer overflow in the Microsoft Malware Protection Engine could allow an unauthorized attacker to achieve remote code execution.
Vulnerability
This is a heap-based buffer overflow (CWE-122) in the Malware Protection Engine. An unauthorized attacker can trigger this vulnerability over a network, potentially leading to arbitrary code execution.
Business impact
With a CVSS score of 8.1, this vulnerability poses a critical risk as it allows for remote code execution, which could result in full system takeover. The potential for unauthorized access to sensitive data and disruption of services makes this a high-priority remediation item.
Remediation
Immediate Action: Ensure that the Microsoft Malware Protection Engine is updated to version 1.1.26040.8 or later on every managed endpoint; the engine normally updates automatically alongside signature updates, so confirm the installed version rather than assuming it.
Proactive Monitoring: Monitor network traffic and endpoint telemetry for unusual process execution or attempts to exploit memory vulnerabilities.
Compensating Controls: Ensure standard endpoint protection policies are active and that the system is configured to receive automatic signature and engine updates from Microsoft.
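The following PowerShell is an added verification example, not part of the advisory or Microsoft's own tooling. It uses the built-in Defender module (Get-MpComputerStatus, Update-MpSignature) to compare the installed engine version against the advisory's patched version, 1.1.26040.8, and to trigger an update where the engine is behind. The host list in the fleet check is a placeholder you would replace with your own inventory.

```powershell
# Added example: verify the Defender engine meets the advisory's patched version.
# Requires the Defender PowerShell module present on supported Windows systems.

$RequiredEngine = [version]'1.1.26040.8'   # patched version stated in the advisory

function Test-DefenderEngineVersion {
    # Returns an object describing whether the local engine is at or above $Required.
    param([version]$Required = $RequiredEngine)

    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        EngineVersion       = $engine
        RequiredVersion     = $Required
        Patched             = ($engine -ge $Required)
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        SignatureAge        = $status.AntivirusSignatureAge
    }
}

# Local check; pull the latest engine/signature package if the engine is behind.
$result = Test-DefenderEngineVersion
$result | Format-List

if (-not $result.Patched) {
    Write-Warning "Engine $($result.EngineVersion) is below $RequiredEngine; updating."
    Update-MpSignature
    # Re-check after the update so the outcome is recorded, not assumed.
    Test-DefenderEngineVersion | Format-List
}

# Fleet check over a placeholder host list (replace with your inventory source).
# Hosts that report Patched = $false are the ones needing attention.
$Hosts = @('HOST-PLACEHOLDER-01', 'HOST-PLACEHOLDER-02')
Invoke-Command -ComputerName $Hosts -ScriptBlock ${function:Test-DefenderEngineVersion} `
    -ArgumentList $RequiredEngine -ErrorAction SilentlyContinue |
    Where-Object { -not $_.Patched } |
    Select-Object ComputerName, EngineVersion, RequiredVersion, SignatureAge
```

The fleet portion relies on PowerShell remoting being enabled and the caller having local administrator rights on the target hosts; hosts that fail to respond are silently skipped here and should be reconciled against your inventory separately so that an unreachable endpoint is not mistaken for a patched one.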
Exploitation status
Public Exploit Available: false
Analyst recommendation
Remote code execution vulnerabilities in security products are extremely dangerous because they can be exploited before a user even interacts with a malicious file. Organizations must verify that their Microsoft Defender engines have been automatically updated to the patched version to mitigate this risk.