Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Microsoft Defender Elevation of Privilege Vulnerability

Vulnerability

Exploited

Patched

A vulnerability in Microsoft Defender related to improper link resolution before file access, known as 'link following', allows an authorized attacker to locally elevate privileges. This issue affects the Microsoft Malware Protection Engine versions prior to 1.1.26040.8.

Impact

Exploitation of this vulnerability allows an attacker to gain SYSTEM privileges.

Remediation

Users can update to the latest version of the Microsoft Malware Protection Engine to address this vulnerability. For enterprise deployments, it's recommended to verify that the automatic deployment of Microsoft Malware Protection Engine updates is functioning as expected.

Added: May 20, 2026, 1:24 PM

Updated: May 20, 2026, 4:54 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

5.0

remediation

7.7

relevance

8.9

threat

8.1

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

10.0

exploitability

5.0

remediation

7.7

relevance

8.9

threat

8.1

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Microsoft Defender Elevation of Privilege Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft Defender

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating