Microsoft has started shipping patches for two Microsoft Defender flaws that attackers were already abusing in the wild as zero-days. The more serious of the pair, tracked as CVE-2026-41091 and nicknamed RedSun, is a local privilege-escalation bug in the Microsoft Malware Protection Engine that hands an attacker SYSTEM-level access. The second, CVE-2026-45498 or UnDefend, lets an ordinary user choke off Defender's definition updates, knocking the antimalware platform into a denial-of-service state. Both were reported last month by an independent researcher operating under the handle "Nightmare Eclipse," and CISA has since added them to its Known Exploited Vulnerabilities catalog.

The two vulnerabilities

CVE-2026-41091 (RedSun) lives in the Microsoft Malware Protection Engine, affecting version 1.1.26030.3008 and earlier. According to the NVD entry, the root cause is improper link resolution before file access — a "link following" weakness — that an authorized (i.e., already authenticated) attacker can leverage to elevate privileges on the local machine. Because the Defender engine runs with high privileges, successfully steering one of its file operations through an attacker-controlled link results in code execution as SYSTEM. The CVE.org record, published May 20, 2026, carries the same description. A proof-of-concept and write-up for the technique have been published in the 0xBlackash/CVE-2026-41091 repository, which characterizes RedSun as a local privilege-escalation (LPE) method that abuses the link-following flaw in Defender.

CVE-2026-45498 (UnDefend) affects the Microsoft Defender Antimalware Platform, version 4.18.26030.3011 and earlier. Unlike RedSun, it does not grant code execution; instead a standard, non-privileged user can use it to prevent Defender from pulling down new definition updates. On a system left unpatched, that turns into a denial-of-service condition against the antimalware platform itself — leaving the host with stale signatures and effectively degrading its protection.

Patches and affected versions

Microsoft has released Malware Protection Engine builds 1.1.26040.8 and 4.18.26040.7 to close both holes. The company notes that the majority of customers don't need to lift a finger, because Defender's antimalware definitions and platform components update automatically by default. That said, Microsoft still advises confirming the rollout took effect:

  • Open Windows Security and verify that automatic updates are turned on.
  • Check that the installed engine and signature versions match (or exceed) the fixed builds above.

Anyone running an engine at or below 1.1.26030.3008, or a platform at or below 4.18.26030.3011, should treat their system as exposed until the updated versions land.

Federal patch mandate and a related BitLocker bug

CISA placed both CVE-2026-41091 and CVE-2026-45498 in its Known Exploited Vulnerabilities (KEV) catalog and, under Binding Operational Directive 22-01, directed Federal Civilian Executive Branch agencies to remediate affected Windows systems by June 3. The agency reiterated that bugs of this kind are a recurring entry point for attackers. Separately, Microsoft published mitigations for YellowKey, a newly disclosed Windows BitLocker zero-day that can allow an attacker to reach data on protected drives.

Technical background: link-following privilege escalation

The following is general, illustrative background on this class of vulnerability. The commands below are generic examples — they are not specific to RedSun, UnDefend, or any IOC from this incident.

Link-following (also called symlink or junction abuse) bugs arise when a privileged process touches a filesystem path that a lower-privileged user can control, without first verifying that the path is a real file rather than a redirect. On Windows, unprivileged users can frequently create NTFS junctions and object-manager symbolic links even in directories the privileged process trusts.

The classic pattern looks like this:

  1. A high-privilege service (such as an antimalware engine) is known to write, move, or delete a file at a predictable location — for example a temp or quarantine directory.
  2. A low-privilege attacker replaces that directory (or a file within it) with a junction or symlink pointing somewhere sensitive.
  3. When the privileged process performs its file operation, it follows the link and acts on the attacker-chosen target with SYSTEM rights — overwriting a protected file, planting a DLL, or corrupting a security boundary.

Conceptually, an attacker might plant a redirection like this with a tool such as the widely used CreateSymlink / junction utilities:


# Generic illustration only — not the RedSun exploit
CreateSymlink.exe "C:\ProgramData\Vendor\Engine\temp" "\RPC Control\target"
CreateDosDeviceSymlink.exe "target" "C:\Windows\System32\evil.dll"

The fix for these issues — and the approach Microsoft's updated engine builds take — is to resolve and validate paths before access, open files with flags that refuse to traverse reparse points (for example FILE_FLAG_OPEN_REPARSE_POINT semantics), and tighten permissions on the directories the privileged process relies on.

Recommendations

  • Confirm via Windows Security that Defender's engine is at 1.1.26040.8 / platform 4.18.26040.7 or later, and that automatic updates are enabled.
  • For managed fleets, audit endpoints for hosts still reporting engine 1.1.26030.3008 or platform 4.18.26030.3011 and below, since those are the vulnerable builds.
  • Federal agencies subject to BOD 22-01 should have completed remediation by the June 3 deadline; others should prioritize accordingly given active exploitation.
  • Apply Microsoft's published YellowKey BitLocker mitigations if your environment relies on BitLocker for at-rest protection.