PT-2026-42157 · Microsoft · Defender

Acd421

+3

·

Published

2026-05-19

·

Updated

2026-07-09

·

CVE-2026-41091

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Microsoft Defender (affected versions not specified)
Description Improper link resolution before file access, also known as link following, in the Microsoft Malware Protection Engine allows an authorized attacker to locally elevate privileges to SYSTEM level. Additionally, the Microsoft Defender Antimalware Platform contains an issue related to uncontrolled resource consumption that could allow an attacker to cause a denial of service. This flaw was actively exploited in real-world incidents before patches were released.
Recommendations Update Microsoft Defender immediately. Keep Windows fully patched. Enable multi-factor authentication and the principle of least privilege. Monitor for suspicious privilege escalation activity.

Exploit

Fix

LPE

DoS

Link Following

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07109
BDU:2026-07110
CVE-2026-41091

Affected Products

Defender