CVE-2026-45584

Microsoft · Defender (Malware Protection Engine)

A heap-based buffer overflow in the Microsoft Malware Protection Engine allows an unauthorized attacker to execute arbitrary code over a network.

Executive summary

A heap-based buffer overflow in the Microsoft Malware Protection Engine could allow an unauthorized attacker to achieve remote code execution.

Vulnerability

This is a heap-based buffer overflow (CWE-122) in the Malware Protection Engine. An unauthorized attacker can trigger this vulnerability over a network, potentially leading to arbitrary code execution.

Business impact

With a CVSS score of 8.1 (High severity band), this vulnerability poses a serious risk because it allows remote code execution, which could result in full system takeover. The potential for unauthorized access to sensitive data and disruption of services makes this a high-priority remediation item.

Remediation

Immediate Action: Ensure that the Microsoft Malware Protection Engine is updated to version 1.1.26040.8 or later immediately.

Proactive Monitoring: Monitor network traffic and endpoint telemetry for unusual process execution or attempts to exploit memory vulnerabilities.

Compensating Controls: Ensure standard endpoint protection policies are active and that the system is configured to receive automatic signature and engine updates from Microsoft.
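The following PowerShell snippet is an added example, not part of the advisory, showing how an administrator can verify the remediation items above on a Windows host: it compares the installed Malware Protection Engine version against the patched version named in this advisory (1.1.26040.8) and reports whether real-time protection and the antimalware service are running. It assumes the built-in Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature) is present, which is the case on Windows systems with Microsoft Defender Antivirus installed; the engine-version threshold is the only value taken from the advisory.

```powershell
# Added example (not from the advisory): verify Defender engine version and
# update posture on the local host. Requires the Defender PowerShell module.

# Patched engine version as stated in the advisory.
$PatchedEngine = [version]'1.1.26040.8'

function Get-DefenderEnginePosture {
    param([version]$MinimumEngine = $PatchedEngine)

    $status = Get-MpComputerStatus
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        EngineVersion         = $engine
        EnginePatched         = ($engine -ge $MinimumEngine)
        SignatureVersion      = $status.AntivirusSignatureVersion
        SignatureAgeDays      = $status.AntivirusSignatureAge
        RealTimeProtection    = $status.RealTimeProtectionEnabled
        AMServiceEnabled      = $status.AMServiceEnabled
    }
}

$posture = Get-DefenderEnginePosture
$posture | Format-List

if (-not $posture.EnginePatched) {
    Write-Warning ("Engine {0} is below the patched version {1}; requesting an update." `
        -f $posture.EngineVersion, $PatchedEngine)
    # Engine updates are delivered together with security intelligence
    # (signature) updates, so forcing a signature update pulls the engine too.
    Update-MpSignature
    $after = Get-DefenderEnginePosture
    if ($after.EnginePatched) {
        Write-Host "Engine now at $($after.EngineVersion); host is patched."
    } else {
        Write-Warning "Engine still at $($after.EngineVersion); check update connectivity and policy."
    }
}

# The same function can be run across a fleet with Invoke-Command, e.g.
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Get-DefenderEnginePosture}
# and the EnginePatched column used to drive a remediation list.
```

A host that reports EnginePatched = True but SignatureAgeDays in the double digits or RealTimeProtection = False is still worth attention: it indicates the automatic-update path or the protection policy the compensating-controls item relies on is not functioning, even though this particular engine fix is present.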

Exploitation status

Public Exploit Available: false

Analyst recommendation

Remote code execution vulnerabilities in security products are extremely dangerous because they can be exploited before a user even interacts with a malicious file. Organizations must verify that their Microsoft Defender engines have been automatically updated to the patched version to mitigate this risk.