CVE-2026-55012
Microsoft Defender Remote Code Execution Vulnerability
Description
Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.
In plain language
AI Act nowCVE-2026-55012 is a Microsoft Defender bug that can let an attacker run arbitrary code on your machine if they can get a victim to interact with it; small businesses using Microsoft Malware Protection Engine should update because the fix is available.
CVE-2026-55012 is an integer overflow in Microsoft Malware Protection Engine that can lead to local arbitrary code execution; it is triggered via a local interaction with no required authentication.
What to do now
- Check whether your Microsoft Malware Protection Engine is installed and what version it is currently running.
- If your version is older than 1.1.26060.3008, plan an update as soon as possible.
- Update Microsoft Malware Protection Engine to 1.1.26060.3008 or later.
- After updating, confirm the new version is active and do a quick review for any unusual process activity around the time of the update.
CVSS Vector Breakdown
AV:LAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:RUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:HAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
- Microsoft and Adobe Patch Tuesday, July 2026 Security Update Reviewen-us·Qualys Security Blog·
- Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilitiesen·Cisco Talos·
- Microsoft Patch Tuesday July 2026 - The AI Acopolypse is Hereen·SANS Internet Storm Center·
- Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-daysen-us·BleepingComputer·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-55012 and every CVE in our database. Create a free account — no credit card required.
Create Free Account