CVE-2026-41091
Microsoft Defender Elevation of Privilege Vulnerability
Description
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
In plain language
AI Act nowCVE-2026-41091 is a serious Microsoft Defender weakness that can let an attacker gain higher access on your device if they can already run something there; if you use Microsoft Defender, you should act urgently because it is known to be exploited in the wild.
What to do
- Update Microsoft Malware Protection Engine / Microsoft Defender to the latest security update your vendor provides for CVE-2026-41091.
- Check with your IT person (or Microsoft management tools) that endpoints actually installed the Defender/engine update, not just that “updates were pending.”
- Review endpoint security logs for unusual local activity around Defender and privilege changes, and isolate any suspicious device immediately.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:LPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Опубликован эксплоит для 0-day-уязвимости LegacyHive в Windowsru-ru·Хакер (xakep.ru)·
- Microsoft исправила уязвимость RoguePlanet. Исследователь утверждает, что патч опасенru-ru·Хакер (xakep.ru)·
- Microsoft Patches Defender ‘RoguePlanet’ Vulnerabilityen-us·SecurityWeek·
- Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privilegesen·The Hacker News·
- В Microsoft работают над патчем для 0-day-уязвимости RoguePlanetru-ru·Хакер (xakep.ru)·
- Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Developmenten·The Hacker News· Summary only·
- Microsoft Working on Patch for ‘RoguePlanet’ Zero-Dayen-us·SecurityWeek·
- Эксплоит GreatXML позволяет обойти шифрование BitLockerru-ru·Хакер (xakep.ru)·
- 15th June – Threat Intelligence Reporten-us·Check Point Research·
- Июньский «В тренде VM»: уязвимости ядра Linux, Microsoft Defender и устройств Palo Alto Networksru·Хабр — Информационная безопасность· Summary only·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-41091 and every CVE in our database. Create a free account — no credit card required.
Create Free Account