CVE-2026-45498 · CWE-400 · Disclosed 2026-05-20

Microsoft Defender Denial of Service Vulnerability

ASSESSED — NOISGATE V0.5
01 · The Real Story

This is not a front-door break-in; it is the burglar slipping a bag over the security camera after getting inside.

CVE-2026-45498 is a local denial-of-service flaw in the Microsoft Defender Antimalware Platform. The authoritative Microsoft CNA record and NVD change history point to affected platform builds through 4.18.26030.3011, with 4.18.26040.7 as the first fixed version; public reporting also notes that the platform is used not just by Defender but by System Center Endpoint Protection and older Security Essentials deployments. In plain English: a local attacker can disrupt Defender so it stops protecting the host as intended.

Microsoft's MEDIUM 4.0 baseline is too low for enterprise prioritization once you factor in reality: this is KEV-listed, Microsoft says it is exploited in the wild, and Huntress observed related UnDefend tooling in a real intrusion. The vendor score is still directionally correct about the *precondition*—the attacker needs local code execution first—but it understates the operational impact of temporarily blinding a security control that sits on a huge Windows fleet.

"Post-compromise and not permanent, but active exploitation against your AV layer makes this a high-priority Defender patch."
02 · The Attack Path

4 steps from start to impact.

STEP 01

Get code execution on the endpoint

The attacker must already be able to run code locally on the Windows host. In observed reporting, Huntress tied use of the Nightmare-Eclipse toolset to a broader intrusion following likely compromised FortiGate SSL VPN access, which is exactly the point: this bug is not initial access, it is a post-compromise enabler.
Conditions required:
  • Attacker has local execution on the target host
  • Target is running affected Defender Antimalware Platform versions
Where this breaks in practice:
  • Requires an earlier compromise stage or hands-on-keyboard access
  • WDAC/AppLocker/EDR can block unsigned or newly dropped tooling before it runs
Detection/coverage: Exposure scanners will usually catch the vulnerable platform version; they will not prove exploitability. EDR should still see the launcher, staging paths, and process ancestry even if Defender itself is the thing being disrupted.
STEP 02

Launch public UnDefend tooling

Public Nightmare-Eclipse/UnDefend tooling has been referenced in multiple reports and was observed by Huntress during an intrusion. The tool watches Defender-related directories and service state, then races to interfere with normal Defender file usage and restart behavior.
Conditions required:
  • Attacker can drop and execute a local binary or equivalent tool
  • Defender update/signature paths are accessible to the running context as expected by the exploit logic
Where this breaks in practice:
  • Commodity operators can misuse the tool; Huntress noted attackers making operational mistakes
  • Some application control stacks or tamper-protection-adjacent detections may block or alert on the binary before it is effective
Detection/coverage: Look for binaries staged in user-writable paths, suspicious command lines, directory-change monitoring abuse, and execution near Defender update activity. Public tooling means detection content should appear quickly in EDR/IR platforms.
STEP 03

Race Defender's file and restart workflow

Per Huntress' analysis, UnDefend abuses Defender's operational workflow by locking definition-related files and waiting on WinDefend stop/restart events. This creates a denial-of-service state where Defender cannot properly reload or use the files it needs, degrading protection.
Conditions required:
  • Exploit process remains running and keeps the file handles open
  • Timing conditions line up with file updates or service restart behavior
Where this breaks in practice:
  • This is a runtime disruption, not a durable implant; if the process dies, the OS releases the handles
  • IR responders or EDR can often terminate the offending process and immediately restore normal access
Detection/coverage: Service-stop telemetry, handle locking against Defender definition files, and abrupt Defender health degradation are your best signals. Traditional network scanners will not see this behavior.
STEP 04

Use the protection gap for follow-on activity

The real attacker value is not the DoS itself; it is the temporary coverage gap it creates on a widely deployed endpoint control. That gives the operator a cleaner window to stage payloads, execute malware, or blunt remediation on the host.
Conditions required:
  • Defender disruption succeeds long enough to matter
  • Attacker has follow-on objectives such as persistence, credential access, or payload staging
Where this breaks in practice:
  • A second security layer can still catch the next stage
  • If the host is isolated or the process is killed quickly, the blast radius stays local and short-lived
Detection/coverage: Correlate Defender health failures with subsequent suspicious binaries, service creation, LSASS access, tunneling tools, or lateral movement attempts. The exploit is the setup; the next-stage activity is often louder.
03 · Intelligence Metadata

The supporting signals.

In-the-wild status: Confirmed exploited. Microsoft said the Defender flaws were observed in the wild, CISA placed this CVE in KEV, and Huntress documented UnDefend activity during a live intrusion.
KEV status: Listed in KEV on 2026-05-20 with a federal due date of 2026-06-03 per NVD's KEV reference block and CISA KEV.
Proof-of-concept availability: Public tooling exists. Reporting ties the issue to the publicly released UnDefend tool from Nightmare-Eclipse on GitHub; Help Net Security specifically calls out a wave of Defender PoCs.
EPSS: 0.04106 from your intel block, which is modest by itself; however, EPSS becomes secondary once a CVE is KEV-listed and exploitation is confirmed. See FIRST EPSS documentation and API/data docs.
Vendor CVSS: Microsoft CNA vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L = 4.0 / MEDIUM. That vector matters because it says local, not remote.
Scoring discrepancy: NVD currently shows a conflicting enriched 7.5 AV:N vector on the record, while Microsoft's CNA vector remains local 4.0. Until technical evidence proves remote reachability, treat the Microsoft preconditions as authoritative and regard the NVD enrichment as a warning flag, not your patch priority driver.
Affected versions: Microsoft Defender Antimalware Platform <= 4.18.26030.3011 is the commonly reported affected line; BleepingComputer notes the same platform family is also used by System Center Endpoint Protection and Security Essentials.
Fixed version: 4.18.26040.7 is the first fixed Defender Antimalware Platform version in public reporting and NVD/MSRC-linked references.
Exposure reality: Wide installed base, narrow reachability. This is not a Shodan/Censys-style internet exposure problem because Defender is a host-resident control, not an edge service. The reachable population is limited to systems where the attacker already has local execution, but the installed population is enormous.
Disclosure and attribution: Disclosed 2026-05-20. Microsoft did not publicly credit a reporter for this CVE in the reporting reviewed, while multiple outlets tied exploitation tooling to the Nightmare-Eclipse / Chaotic Eclipse disclosures and PoC releases.
04 · The Call

noisgate verdict.

Final Verdict
UPGRADED to HIGH (7.2/10)

The single biggest reason this lands in HIGH is that it is actively exploited against a ubiquitous endpoint security control, so the attacker is not just crashing an app—they are creating a window where your built-in protection is degraded. The single biggest reason it is not CRITICAL is equally clear: the exploit path still requires local execution first, which makes this a post-initial-access amplifier rather than an internet-scale entry bug.

  • HIGH: Affected/fixed version threshold
  • HIGH: KEV and active exploitation status
  • MEDIUM: Final severity reassessment given conflicting NVD enrichment

Why this verdict

  • Upgrade for exploitation evidence: KEV listing and Microsoft/Huntress exploitation evidence are the main upward pressure; once attackers are using it, a vendor 4.0 label is not enough for fleet triage.
  • Downgrade for attacker position: the Microsoft CNA vector is local. That implies the attacker already has code execution on the box, so this is post-initial-access and cannot by itself compromise a clean internet-facing host.
  • Upgrade for blast-radius quality, not quantity: the impact is 'only' DoS, but the thing being denied is Defender itself. Temporarily blinding endpoint protection is materially worse than crashing some random userland app because it enables quieter follow-on abuse.

Why not higher?

This is not a remote pre-auth wormable bug, and the currently authoritative vendor vector does not support that story. Huntress also notes the disruption is not permanent—when the exploit process exits, the held handles are released and Defender recovers—so the worst-case impact usually depends on what the attacker does next, not on the DoS alone.

Why not lower?

A plain local low-availability DoS would normally stay in MEDIUM. What pushes it above that is the combination of real-world exploitation, public tooling, and the fact that the victim component is a security control whose temporary failure directly improves attacker operating conditions.

05 · Compensating Control

What to do — in priority order.

  1. Force Defender platform currency — Validate that endpoints are on Defender Antimalware Platform 4.18.26040.7 or later and force update channels where drift exists. Because this is actively exploited, do this immediately, within hours, not on the normal monthly endpoint cadence.
  2. Block untrusted local tooling — Use WDAC, AppLocker, or equivalent allow-listing to stop unsigned or low-reputation binaries from user-writable paths. This directly attacks the exploit chain's most important prerequisite—local execution—and should be tightened immediately, within hours, on exposed admin/VPN populations.
  3. Alert on Defender health degradation — Create detections for WinDefend stop/restart anomalies, abrupt Defender engine/platform health changes, and file-handle abuse against Defender definition paths. Stand this up immediately, within hours, because it is the fastest way to catch both failed and successful attempts while patching catches up.
  4. Hunt for staged public PoC artifacts — Search for binaries and command lines associated with UnDefend and nearby tooling in user-writable directories, especially after suspicious VPN or remote-access events. Run this hunt immediately, within hours, because exploitation here is a strong indicator of broader host compromise.
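The Defender health-degradation detection from item 3, worked through as an added example (this is not noisgate's verification payload or any vendor code): it correlates WinDefend stop transitions (Service Control Manager event 7036 in the System log) with Defender/Operational error events in the same short window, which is the signature of the stop/restart race described in Step 03. The window length, restart threshold, and the sample events are assumptions constructed for illustration.

```powershell
# Added example, not part of the noisgate page. Event IDs are standard Windows ones;
# thresholds are assumptions and should be tuned to the fleet's normal update behaviour.
$DefenderDegradationIds = 5001, 5010, 5012, 3002, 2001, 1119  # RTP disabled, scanning disabled, RTP error, signature update failed, action failed

function Get-DefenderHealthEvents {
    # Live collection: WinDefend state changes from SCM plus Defender operational errors.
    param([int]$LookbackHours = 24)
    $since = (Get-Date).AddHours(-$LookbackHours)
    $scm = Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7036; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Defender Antivirus Service|WinDefend' }
    $def = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = $DefenderDegradationIds; StartTime = $since } -ErrorAction SilentlyContinue
    @($scm) + @($def) | Where-Object { $_ } | ForEach-Object {
        [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; Message = $_.Message }
    }
}

function Test-DefenderDisruption {
    # Flags every WinDefend stop that is followed, within the window, by another stop
    # (restart churn) or by any Defender degradation event. Works on live or constructed input.
    param(
        [Parameter(Mandatory)][object[]]$Events,   # objects with Time, Id, Message
        [int]$WindowMinutes = 10,                   # assumption: a normal update does not stop the service twice in 10 minutes
        [int]$MaxRestarts = 1
    )
    $sorted   = $Events | Sort-Object Time
    $stops    = @($sorted | Where-Object { $_.Id -eq 7036 -and $_.Message -match 'stopped' })
    $degraded = @($sorted | Where-Object { $_.Id -in $DefenderDegradationIds })
    $findings = @(foreach ($stop in $stops) {
        $end       = $stop.Time.AddMinutes($WindowMinutes)
        $nearStops = @($stops    | Where-Object { $_.Time -ge $stop.Time -and $_.Time -le $end })
        $nearDeg   = @($degraded | Where-Object { $_.Time -ge $stop.Time -and $_.Time -le $end })
        if ($nearStops.Count -gt $MaxRestarts -or $nearDeg.Count -gt 0) {
            [pscustomobject]@{ WindowStart = $stop.Time; StopsInWindow = $nearStops.Count
                               DegradationEvents = $nearDeg.Count; Ids = ($nearDeg.Id | Sort-Object -Unique) -join ',' }
        }
    })
    return ,$findings
}

# Constructed sample events (not real telemetry) so the logic can be exercised offline.
$t0 = Get-Date '2026-05-20T08:00:00'
$sample = @(
    [pscustomobject]@{ Time = $t0;               Id = 7036; Message = 'The Microsoft Defender Antivirus Service service entered the stopped state.' }
    [pscustomobject]@{ Time = $t0.AddSeconds(20); Id = 7036; Message = 'The Microsoft Defender Antivirus Service service entered the running state.' }
    [pscustomobject]@{ Time = $t0.AddMinutes(1);  Id = 2001; Message = 'Microsoft Defender Antivirus has encountered an error trying to update signatures.' }
    [pscustomobject]@{ Time = $t0.AddMinutes(3);  Id = 7036; Message = 'The Microsoft Defender Antivirus Service service entered the stopped state.' }
    [pscustomobject]@{ Time = $t0.AddMinutes(4);  Id = 3002; Message = 'Real-time protection encountered an error and failed.' }
)
Test-DefenderDisruption -Events $sample | Format-Table -AutoSize   # two flagged windows on the sample
# Live use: Test-DefenderDisruption -Events (Get-DefenderHealthEvents -LookbackHours 24)
```

On a host where signature updates legitimately restart WinDefend, raise `MaxRestarts` or shorten the window rather than suppressing the degradation-event branch, since that branch is the one that fires when Defender cannot reload its files.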
What doesn't work
  • A network WAF does not help; this is not a web request parsing bug on an edge service.
  • Relying on MFA alone does not help once the attacker already has local execution on the endpoint.
  • A reboot by itself is not a fix; it may clear a transient lock, but vulnerable platform versions remain vulnerable until the updated Defender platform is installed.
06 · Verification

Crowdsourced verification payload.

Run this on the target Windows endpoint or via your remote management tool as local administrator. Invoke with powershell.exe -ExecutionPolicy Bypass -File .\Test-CVE-2026-45498.ps1; it checks the installed Defender Antimalware Platform version and returns VULNERABLE, PATCHED, or UNKNOWN.

noisgate-verify.ps1
# Test-CVE-2026-45498.ps1
# Checks Microsoft Defender Antimalware Platform version for CVE-2026-45498.
# Exit codes: 0=PATCHED, 1=VULNERABLE, 2=UNKNOWN

[CmdletBinding()]
param()

$ErrorActionPreference = 'Stop'

function Convert-VersionToParts {
    param([string]$Version)
    if ([string]::IsNullOrWhiteSpace($Version)) { return $null }
    $clean = $Version.Trim()
    $segments = $clean.Split('.')
    $parts = @()
    foreach ($s in $segments) {
        $n = 0
        if (-not [int]::TryParse($s, [ref]$n)) { return $null }
        $parts += $n
    }
    return ,$parts
}

function Compare-VersionParts {
    param(
        [int[]]$A,
        [int[]]$B
    )
    $max = [Math]::Max($A.Count, $B.Count)
    for ($i = 0; $i -lt $max; $i++) {
        $av = if ($i -lt $A.Count) { $A[$i] } else { 0 }
        $bv = if ($i -lt $B.Count) { $B[$i] } else { 0 }
        if ($av -gt $bv) { return 1 }
        if ($av -lt $bv) { return -1 }
    }
    return 0
}

try {
    $fixedVersion = '4.18.26040.7'
    $vulnerableMax = '4.18.26030.3011'

    $mp = Get-MpComputerStatus -ErrorAction Stop
    $installedVersion = $mp.AMProductVersion

    if ([string]::IsNullOrWhiteSpace($installedVersion)) {
        Write-Output 'UNKNOWN - Defender AMProductVersion not available'
        exit 2
    }

    $installedParts = Convert-VersionToParts -Version $installedVersion
    $fixedParts = Convert-VersionToParts -Version $fixedVersion
    $vulnParts = Convert-VersionToParts -Version $vulnerableMax

    if ($null -eq $installedParts -or $null -eq $fixedParts -or $null -eq $vulnParts) {
        Write-Output ('UNKNOWN - Unable to parse version string: ' + $installedVersion)
        exit 2
    }

    $cmpFixed = Compare-VersionParts -A $installedParts -B $fixedParts
    $cmpVuln = Compare-VersionParts -A $installedParts -B $vulnParts

    if ($cmpFixed -ge 0) {
        Write-Output ('PATCHED - Defender Antimalware Platform version ' + $installedVersion + ' is >= ' + $fixedVersion)
        exit 0
    }

    if ($cmpVuln -le 0) {
        Write-Output ('VULNERABLE - Defender Antimalware Platform version ' + $installedVersion + ' is <= ' + $vulnerableMax)
        exit 1
    }

    Write-Output ('UNKNOWN - Defender Antimalware Platform version ' + $installedVersion + ' is between known vulnerable and fixed thresholds; verify against vendor advisory')
    exit 2
}
catch {
    Write-Output ('UNKNOWN - ' + $_.Exception.Message)
    exit 2
}
07 · Bottom Line

If you remember one thing.

TL;DR
Monday morning, treat this as a HIGH that behaves like an emergency because it is KEV-listed and actively exploited: identify every Windows endpoint still below 4.18.26040.7, force Defender platform updates, and deploy temporary execution controls and detections immediately, within hours. For formal planning, the noisgate mitigation SLA is overridden by active exploitation so mitigation happens now, and the noisgate remediation SLA for the actual vendor patch would normally be <= 180 days for HIGH—but in practice for this CVE you should collapse that and finish patching the exposed fleet on your fastest endpoint-update track, not the routine backlog cycle.

Sources

  1. Microsoft Security Update Guide - CVE-2026-45498
  2. NVD - CVE-2026-45498
  3. CISA Known Exploited Vulnerabilities Catalog entry
  4. Huntress - Nightmare-Eclipse Tooling Seen in Real-World Intrusion
  5. Help Net Security - Microsoft Defender vulnerabilities exploited in the wild
  6. BleepingComputer - Microsoft warns of new Defender zero-days exploited in attacks
  7. FIRST EPSS
  8. Nightmare-Eclipse GitHub profile