UnDefend - Microsoft Defender Denial of Service Vulnerability

Successful exploitation can disrupt Microsoft Defender operations on the affected host, degrading or disabling endpoint protection functions. Reported effects include causing Defender services to become unavailable or unresponsive and breaking antivirus signature updates. In practice, this can reduce detection and prevention coverage, create a window for follow-on malicious activity, and aid defense evasion on compromised systems. The vulnerability is confirmed in the provided content as having been exploited in the wild and added to CISA's KEV catalog.

Ensure Microsoft Defender automatic updates are functioning and verify deployed versions meet or exceed the fixed releases referenced in the provided content. Monitor for unusual Defender service failures, unresponsiveness, or signature update disruptions that could indicate exploitation or attempted exploitation. Restrict local user privileges where possible to reduce abuse opportunities. If patches cannot be applied promptly, follow vendor and CISA guidance, increase behavioral and endpoint monitoring, and consider isolating or discontinuing use of affected systems until remediated. Systems with Defender disabled are described in the provided content as not exploitable in practice for this issue.

Update affected systems to the fixed Microsoft Defender components identified in the provided content. The vulnerability affects Microsoft Defender Antimalware Platform version 4.18.26030.3011 and earlier, and Microsoft fixed CVE-2026-45498 in Microsoft Defender Antimalware Platform version 4.18.26040.7. Some reporting in the provided content also references Microsoft Malware Protection Engine version 1.1.26040.8 as part of the broader Defender update cycle. Organizations should verify that Defender platform and engine updates have been successfully applied across endpoints through normal automatic update mechanisms or enterprise update management.