← Back to Feed CACHED · 2026-05-17 09:42:19 · cache_key CVE-2025-29912
CVE-2026-41091 · CWE-59 · Disclosed 2026-05-20

Improper link resolution before file access

ASSESSED — NOISGATE V0.5
Vendor
Reassessed
Verdict:
01 · The Real Story

This is the janitor’s key ring hanging in a closet every employee can reach

CVE-2026-41091 is a local privilege escalation in the Microsoft Malware Protection Engine used by Microsoft Defender. The bug is a classic link-following issue: the engine can be tricked into resolving a link and touching the wrong file path under elevated context, letting a low-privileged local user pivot to SYSTEM. NVD lists the affected range as Microsoft Malware Protection Engine versions 1.1.26030.3008 through <1.1.26040.8, with 1.1.26040.8 as the first fixed engine build.

Microsoft’s HIGH label is basically right, but the reason is not the CVSS impact math alone. In a vacuum this should get downward pressure because it is AV:L/PR:L and therefore requires an attacker to already have code execution or an authenticated foothold on the endpoint; in the real world, the KEV listing and active exploitation pull it back up because Defender is everywhere and SYSTEM-level post-exploitation on a commodity Windows host is exactly how small intrusions become domain-wide problems.

"Keep it HIGH: this is post-compromise, but KEV-listed SYSTEM LPE on a ubiquitous engine is still urgent."
02 · The Attack Path

4 steps from start to impact.

STEP 01

Gain a low-privileged foothold on the endpoint

The attacker first needs code execution as a standard user or another low-privileged authenticated context on the Windows host. That foothold can come from phishing, a browser exploit, stolen credentials, or any other initial-access path; CVE-2026-41091 is not the entry vector, it is the privilege escalator that follows. Public reporting ties active exploitation to a Defender zero-day chain discussed as RedSun in press coverage.
Conditions required:
  • Local execution on the target host
  • At least low privileges (PR:L)
  • Affected Microsoft Malware Protection Engine version installed
Where this breaks in practice:
  • This is already post-initial-access; no foothold means no exploit path
  • Modern EDR, application control, and browser hardening should stop many upstream delivery vectors
  • Locked-down VDI/kiosk/non-persistent fleets reduce the value of local SYSTEM
Detection/coverage: Most vulnerability scanners can only flag this by version/state, not by exploit telemetry. EDR should already have evidence of the precursor compromise if step 1 happened.
STEP 02

Prepare a malicious link/redirection primitive

Using a RedSun-style link-following primitive referenced in reporting, the attacker places or manipulates a symlink/reparse-point path so Defender resolves it before file access under higher privilege. The exploit is about steering a trusted SYSTEM-context component into operating on an attacker-controlled target path.
Conditions required:
  • Ability to create or influence file-system objects in a writable location
  • The vulnerable engine must touch the crafted path during scan/processing
Where this breaks in practice:
  • Exploit reliability can depend on path timing and the exact file operation Defender performs
  • Some hardened file-system locations and ACLs limit where the attacker can plant objects
  • Behavioral EDR may flag suspicious reparse-point or symlink abuse
Detection/coverage: Commodity scanners do not see the crafted filesystem state well. Look for Sysmon/EDR telemetry on symlink or reparse-point creation followed by Defender engine file operations.
STEP 03

Trigger Defender to access the attacker-chosen path

The attacker then causes Microsoft Defender to scan or otherwise access the crafted object so the vulnerable engine follows the link incorrectly. If the engine performs privileged file operations on the redirected target, the attacker can overwrite, replace, or otherwise influence assets in a way that results in SYSTEM execution or privilege elevation.
Conditions required:
  • Defender real-time or on-demand processing reaches the crafted file/path
  • The vulnerable file operation is reachable in that execution path
Where this breaks in practice:
  • Not every Defender action path will be exploitable the same way
  • Defender running in passive/limited roles may change reachability in some environments
  • Race timing and environmental differences can lower reliability at scale
Detection/coverage: Version-only detection is easy; exploit detection is not. Hunt for Defender service activity immediately preceding privileged file changes, service registration changes, or unexpected SYSTEM-launched child activity.
STEP 04

Escalate to SYSTEM and widen blast radius

Once SYSTEM is obtained, the attacker can dump secrets, tamper with local security tooling, install persistence, or pivot further using cached credentials and token abuse. This is the step that turns an ordinary user compromise into an enterprise incident on high-value workstations or admin jump boxes.
Conditions required:
  • Successful local privilege escalation
  • A host worth escalating on
Where this breaks in practice:
  • SYSTEM on one workstation is not automatically domain compromise
  • Credential Guard, LSASS protections, and PAM controls can contain follow-on abuse
  • Tiering and admin separation sharply reduce blast radius
Detection/coverage: EDR should detect post-escalation actions better than the exploit itself: suspicious service creation, protected process tampering, credential access, and SYSTEM-token abuse.
03 · Intelligence Metadata

The supporting signals.

In-the-wild statusConfirmed exploited. NVD marks the CVE as present in CISA KEV, and press coverage cites Microsoft warning that the flaw is being actively exploited.
KEV statusYes. Added to CISA KEV on 2026-05-20 with a due date of 2026-06-03 shown on NVD/CISA references.
Proof-of-concept availabilityPublic reporting links exploitation to the RedSun Defender zero-day naming/disclosure thread. I could not verify a stable public GitHub PoC for CVE-2026-41091 itself from primary sources, so assume attacker tradecraft exists but broad copy-paste weaponization is unconfirmed.
EPSS0.06978 from your intel block. That is not sky-high by internet-exposure standards, which is normal for a local LPE; the KEV listing matters more here than EPSS.
CVSS vectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H — translation: easy to use after you already have local execution, no user click needed, and full box impact once it lands.
Affected versionsNVD lists microsoft:malware_protection_engine versions >=1.1.26030.3008 and <1.1.26040.8 as vulnerable.
Fixed versionsFirst fixed engine version is 1.1.26040.8. Secondary reporting also references Defender platform 4.18.26040.7 as the corresponding patched release line. No Linux distro-style backport story applies here.
Exposure realityThere is no meaningful internet-exposed scan surface for this CVE; Shodan/Censys/GreyNoise-style counts are not the right lens. The real exposure metric is how many Windows endpoints still run an old Defender engine and whether they are reachable by standard users or already-compromised sessions.
Disclosure date2026-05-20.
Researcher / reportingThe official Microsoft/NVD entries do not name a discoverer in the easily accessible records. Press coverage associates the broader disclosure thread with the alias Nightmare Eclipse, but treat that attribution as media reporting rather than vendor-confirmed credit.
04 · The Call

noisgate verdict.

Final Verdict
= UNCHANGED to HIGH (8.3/10)

The decisive factor is that this is an already-exploited post-compromise SYSTEM escalator embedded in a product that is nearly universal across Windows fleets. I am not calling it CRITICAL because the attacker still needs a local authenticated foothold first, but I am upgrading the score because KEV status proves that friction has not stopped real operators.

HIGH Affected version range and fixed engine build
HIGH KEV listing and active exploitation status
MEDIUM Public PoC/researcher attribution details

Why this verdict

  • Active exploitation overrides complacency: KEV-listed plus Microsoft-reported exploitation means attackers are already converting this bug into operational value.
  • Ubiquitous deployment amplifies it: Defender is present on a huge share of Windows endpoints, so a local LPE in the antimalware engine has estate-wide relevance even without network exposure.
  • Friction audit says HIGH, not CRITICAL: the chain requires AV:L and PR:L, which implies prior compromise or a valid low-priv account on the box; that sharply narrows reachable population versus unauthenticated remote flaws.
  • Modern controls should stop earlier stages, not this stage: email security, browser isolation, MFA, and NGFWs do nothing once malware is already executing as a standard user on the endpoint.
  • Blast radius depends on host role: SYSTEM on a developer laptop, admin workstation, or jump server is materially worse than SYSTEM on a disposable kiosk, so enterprise risk is driven by where the foothold lands.

Why not higher?

It is not unauthenticated remote, not wormable, and not a pre-auth server-side bug. The attacker position requirement is the real brake here: needing local low-privilege execution means this is a second-stage exploit, so the addressable population is every *compromised* Windows endpoint, not every reachable Windows endpoint.

Why not lower?

Dropping this to MEDIUM would ignore two real-world amplifiers: KEV status and the fact that Microsoft Defender is everywhere. A post-compromise SYSTEM escalator that is actively used in the wild is exactly the kind of bug that lets routine endpoint infections punch above their weight.

05 · Compensating Control

What to do — in priority order.

  1. Verify engine currency now — Audit AMEngineVersion and isolate any host below 1.1.26040.8. Because this is a HIGH verdict with active exploitation evidence, do not wait for the normal 30-day window; verify and enforce the update immediately, within hours.
  2. Hunt for low-priv-to-SYSTEM transitions — Prioritize telemetry where a standard user context is followed by Defender service activity and then SYSTEM-level file, service, or process changes. Run this hunt immediately, within hours on high-value Windows tiers because exploit attempts may not be obvious from scanner data alone.
  3. Tighten local execution paths — Reduce the number of users who can stage and run arbitrary binaries, scripts, and filesystem tricks by enforcing AppLocker/WDAC, ASR rules, and least privilege. This does not fix the bug, but it lowers exploitability while patching; for this KEV-listed case, deploy or validate these controls immediately, within hours where not already enforced.
  4. Prioritize tier-zero and admin workstations — Patch validation should start with jump hosts, help-desk endpoints, developer workstations, and any device handling privileged sessions. Those systems turn a local SYSTEM bug into credential theft and lateral movement, so complete this priority sweep immediately, within hours, then finish the broader estate.
What doesn't work
  • Perimeter controls like NGFW, IDS, or WAF do not meaningfully help because this is not a network-reachable exploit path.
  • MFA does not stop exploitation once the attacker already has local code execution or a low-privileged session on the host.
  • Signature-only AV confidence is misplaced here because the vulnerable component is the Defender engine itself; you need version verification, not faith in detections.
06 · Verification

Crowdsourced verification payload.

Run this on the target Windows host or through your remote management tool as a local PowerShell session: powershell.exe -ExecutionPolicy Bypass -File .\check-CVE-2026-41091.ps1. Local admin is preferred for consistent Defender status access, though many systems will return the version to standard users; the script exits 0 for PATCHED, 1 for VULNERABLE, and 2 for UNKNOWN.

noisgate-verify.ps1
POWERSHELLREAD-ONLYSAFE
# check-CVE-2026-41091.ps1

# Verifies whether Microsoft Defender AMEngineVersion is patched for CVE-2026-41091.

# Exit codes:

#   0 = PATCHED

#   1 = VULNERABLE

#   2 = UNKNOWN


param(
    [string]$FixedVersion = '1.1.26040.8'
)

function Compare-Version {
    param(
        [Parameter(Mandatory=$true)][string]$A,
        [Parameter(Mandatory=$true)][string]$B
    )

    try {
        $aParts = $A.Split('.') | ForEach-Object { [int]$_ }
        $bParts = $B.Split('.') | ForEach-Object { [int]$_ }

        $max = [Math]::Max($aParts.Count, $bParts.Count)
        for ($i = 0; $i -lt $max; $i++) {
            $aVal = if ($i -lt $aParts.Count) { $aParts[$i] } else { 0 }
            $bVal = if ($i -lt $bParts.Count) { $bParts[$i] } else { 0 }

            if ($aVal -lt $bVal) { return -1 }
            if ($aVal -gt $bVal) { return 1 }
        }
        return 0
    }
    catch {
        return $null
    }
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Output 'UNKNOWN - Failed to query Defender status with Get-MpComputerStatus.'
    exit 2
}

if (-not $status) {
    Write-Output 'UNKNOWN - Defender status object was empty.'
    exit 2
}

$engineVersion = $status.AMEngineVersion
$productVersion = $status.AMProductVersion
$rtp = $status.RealTimeProtectionEnabled
$serviceEnabled = $status.AMServiceEnabled

if ([string]::IsNullOrWhiteSpace($engineVersion)) {
    Write-Output 'UNKNOWN - AMEngineVersion not available.'
    exit 2
}

$cmp = Compare-Version -A $engineVersion -B $FixedVersion
if ($null -eq $cmp) {
    Write-Output ("UNKNOWN - Could not compare versions. Detected AMEngineVersion={0}; AMProductVersion={1}; RTP={2}; ServiceEnabled={3}" -f $engineVersion, $productVersion, $rtp, $serviceEnabled)
    exit 2
}

if ($cmp -lt 0) {
    Write-Output ("VULNERABLE - AMEngineVersion {0} is older than fixed version {1}. AMProductVersion={2}; RTP={3}; ServiceEnabled={4}" -f $engineVersion, $FixedVersion, $productVersion, $rtp, $serviceEnabled)
    exit 1
}
else {
    Write-Output ("PATCHED - AMEngineVersion {0} is at or newer than fixed version {1}. AMProductVersion={2}; RTP={3}; ServiceEnabled={4}" -f $engineVersion, $FixedVersion, $productVersion, $rtp, $serviceEnabled)
    exit 0
}
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, treat this as a fleet-wide Windows hygiene fire drill: query every endpoint for AMEngineVersion, force-update any host below 1.1.26040.8, and hunt high-value systems for recent low-priv-to-SYSTEM behavior around Defender activity. Because this is KEV-listed with active exploitation, override the normal noisgate mitigation SLA and patch or mitigate immediately, within hours; the formal noisgate remediation SLA for a HIGH issue is <=180 days, but operationally you should finish exception cleanup and verification this week, not this quarter.

Sources

  1. NVD CVE-2026-41091
  2. Microsoft Security Update Guide advisory
  3. CISA Known Exploited Vulnerabilities catalog entry
  4. BleepingComputer reporting on active exploitation
  5. Help Net Security summary with affected/fixed versions
  6. Microsoft Learn: Get-MpComputerStatus
  7. Microsoft Learn: MSFT_MpComputerStatus class
  8. FIRST EPSS documentation/API root
Peer Review

What defenders are saying.

Submit a review attribution: handle + country only
0 flags selected · stored anonymously
Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.