Microsoft · Defender · CVE-2026-41091
**Name of the Vulnerable Software and Affected Versions**
Microsoft Malware Protection Engine versions 1.1.26030.3008 through 1.1.26040.8
**Description**
An improper link resolution before file access ("link following") vulnerability exists in the Microsoft Malware Protection Engine component of Microsoft Defender. It allows an authenticated local attacker to escalate privileges to SYSTEM level, potentially granting full control over the affected system, including unrestricted data access, modification of system settings, software installation, user account management, and the ability to disable security protections. Additionally, the Microsoft Defender Antimalware Platform is affected by an uncontrolled resource consumption issue that could allow an attacker to cause a denial of service. This issue has been actively exploited in the wild.
**Recommendations**
- Update Microsoft Malware Protection Engine to a version later than 1.1.26040.8.
- Keep Windows fully patched.
- Enable multi-factor authentication and follow the principle of least privilege.
- Monitor systems for suspicious privilege escalation activity.
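
To act on the first recommendation, the following added example (not part of the original advisory or any Microsoft tooling) classifies engine versions against the affected range stated above, for the local host and for an exported inventory. The function name `Get-EngineExposure`, the status labels, and the sample inventory rows are constructed for illustration; `Get-MpComputerStatus` and its `AMEngineVersion` property are the standard Defender cmdlet output.

```powershell
# Affected range as stated in this advisory (inclusive on both ends).
$AffectedMin = [version]'1.1.26030.3008'
$AffectedMax = [version]'1.1.26040.8'

function Get-EngineExposure {
    # Hypothetical helper: maps an engine version string to a triage status.
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$ComputerName,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$AMEngineVersion
    )
    process {
        $parsed = $null
        if (-not [version]::TryParse($AMEngineVersion, [ref]$parsed)) {
            $status = 'Unparseable'            # missing or malformed inventory value: check the host by hand
        } elseif ($parsed -lt $AffectedMin) {
            $status = 'OlderThanListedRange'   # outside the range the advisory lists; still out of date, update
        } elseif ($parsed -le $AffectedMax) {
            $status = 'Affected'               # inside the advisory's range
        } else {
            $status = 'LaterThanAffected'      # later than 1.1.26040.8, as the recommendation requires
        }
        [pscustomobject]@{
            ComputerName    = $ComputerName
            AMEngineVersion = $AMEngineVersion
            Status          = $status
        }
    }
}

# Local host: read the running engine version from Defender, if the cmdlet is available.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-EngineExposure -ComputerName $env:COMPUTERNAME `
                       -AMEngineVersion (Get-MpComputerStatus).AMEngineVersion
}

# Fleet triage over an exported inventory. These rows are constructed sample data.
$inventory = @'
ComputerName,AMEngineVersion
WS-001,1.1.26030.3008
WS-002,1.1.26040.8
WS-003,1.1.26040.9
WS-004,1.1.26020.1
WS-005,unknown
'@ | ConvertFrom-Csv

$inventory | Get-EngineExposure | Sort-Object Status | Format-Table -AutoSize
```

The comparison uses `[version]` rather than string ordering, so `1.1.26040.8` correctly sorts below `1.1.26040.10`.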