CVE-2026-41091 Overview
CVE-2026-41091 is a local privilege escalation vulnerability in the Microsoft Malware Protection Engine, the core component behind Microsoft Defender. The flaw stems from improper link resolution before file access, classified under [CWE-59]. An authorized local attacker can abuse symbolic or hard links to redirect file operations performed by the privileged Defender process. Successful exploitation grants the attacker elevated privileges on the affected system. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
Critical Impact
Local attackers with low privileges can escalate to SYSTEM by manipulating filesystem links processed by the Microsoft Malware Protection Engine, compromising endpoint confidentiality, integrity, and availability.
Affected Products
- Microsoft Malware Protection Engine (all versions prior to the security update)
- Microsoft Defender Antivirus components relying on the Malware Protection Engine
- Windows endpoints and servers shipping Microsoft Defender by default
Discovery Timeline
- 2026-05-20 - CVE-2026-41091 published to NVD
- 2026-05-20 - Last updated in NVD database
Technical Details for CVE-2026-41091
Vulnerability Analysis
The Microsoft Malware Protection Engine runs as SYSTEM inside the MsMpEng.exe service process and performs file operations on paths it derives from the files it scans, remediates, or quarantines. The engine resolves those paths without adequately checking whether a directory component is a symbolic link or NTFS junction, or whether the final file is a hard link to an object outside the intended location. A local attacker who controls a writable directory can therefore plant a link so that an engine-initiated write, delete, or quarantine operation lands on an arbitrary file.
This class of flaw is commonly called link following or filesystem redirection. The attacker does not inject code into the Defender process; the attacker tricks the privileged process into modifying a file the attacker could not otherwise touch. The result is a local privilege escalation primitive: overwriting or deleting a SYSTEM-owned binary, configuration file, or service DLL compromises the integrity and confidentiality of the host.
Root Cause
The root cause is improper link resolution before file access [CWE-59]. The Malware Protection Engine opens, modifies, or removes files based on attacker-influenced paths, and in this class of flaw the privileged process lacks one or more of the standard defenses: opening with FILE_FLAG_OPEN_REPARSE_POINT (FILE_OPEN_REPARSE_POINT at the native API level) so that a reparse point is operated on rather than followed, re-validating the canonical path of the object actually opened instead of trusting the requested path string, and impersonating the less-privileged user whose files are being processed so that a redirected operation fails the access check. Because the engine runs with SYSTEM rights, any operation that is redirected inherits those rights.
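As an added example that is not part of this advisory or of Microsoft's code, the following PowerShell demonstrates the redirection class generically in a throwaway temp directory: a junction planted by an unprivileged user redirects a path-based write, and a defensive pre-check refuses any path that traverses a reparse point. The directory names and the Invoke-*Quarantine functions are illustrative stand-ins and say nothing about the engine's actual internals. The check-then-act pattern shown is still racy (an attacker can swap the link between the check and the operation), which is why the durable fix belongs in how the handle is opened, as described above.

```powershell
# Added example (not from the advisory or Microsoft): shows a privileged,
# path-based file operation following an NTFS junction, then a pre-check that
# refuses to act through reparse points. Everything stays under $env:TEMP.

$base    = Join-Path $env:TEMP ('lf-demo-' + [guid]::NewGuid().ToString('N'))
$scanDir = Join-Path $base 'scan'        # stands in for a directory the engine inspects
$victim  = Join-Path $base 'protected'   # stands in for a SYSTEM-owned location
New-Item -ItemType Directory -Path $scanDir, $victim | Out-Null
Set-Content -Path (Join-Path $victim 'service.dll') -Value 'original contents'

# 1. Attacker step, no privilege needed: a junction replaces a directory component.
#    Standard users can create junctions anywhere they can write; NTFS file symlinks
#    normally require SeCreateSymbolicLinkPrivilege or Developer Mode.
$link = Join-Path $scanDir 'sub'
New-Item -ItemType Junction -Path $link -Target $victim | Out-Null

# 2. Naive privileged operation: "quarantine" by truncating the file at the given
#    path. The junction redirects the write onto the protected file.
function Invoke-NaiveQuarantine {
    param([Parameter(Mandatory)][string]$Path)
    Set-Content -Path $Path -Value ''          # follows the junction
}
Invoke-NaiveQuarantine -Path (Join-Path $link 'service.dll')
"After naive operation: '$(Get-Content (Join-Path $victim 'service.dll'))'"   # now empty

# 3. Hardened variant: inspect every component of the path and refuse if any one
#    carries the ReparsePoint attribute (junction, symlink, mount point).
#    Get-Item -Force reports the link's own attributes, not its target's.
function Test-PathFreeOfReparsePoints {
    param([Parameter(Mandatory)][string]$Path)
    $full = [System.IO.Path]::GetFullPath($Path)
    $root = [System.IO.Path]::GetPathRoot($full)
    $cur  = $root
    foreach ($part in ($full.Substring($root.Length) -split '[\\/]' | Where-Object { $_ -ne '' })) {
        $cur = Join-Path $cur $part
        if (-not (Test-Path -LiteralPath $cur)) { break }   # a missing component cannot be a link
        $item = Get-Item -LiteralPath $cur -Force
        if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) { return $false }
    }
    return $true
}

function Invoke-CheckedQuarantine {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-PathFreeOfReparsePoints -Path $Path)) {
        throw "Refusing to operate: '$Path' traverses a reparse point"
    }
    Set-Content -Path $Path -Value ''
}

Set-Content -Path (Join-Path $victim 'service.dll') -Value 'original contents'
try { Invoke-CheckedQuarantine -Path (Join-Path $link 'service.dll') } catch { $_.Exception.Message }
"After checked operation: '$(Get-Content (Join-Path $victim 'service.dll'))'"  # unchanged

# Cleanup: Directory.Delete on a junction removes the junction only, never its target.
[System.IO.Directory]::Delete($link)
Remove-Item -LiteralPath $base -Recurse -Force
```

Run it in an unelevated Windows PowerShell or PowerShell 7 session; the first status line prints an empty string and the second prints `original contents`. Always remove a junction with a non-recursive delete as shown, since a recursive delete through the link would wipe the target directory's contents.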
Attack Vector
Exploitation requires local access as a low-privileged, authenticated user. The attacker stages a file in a directory Defender will inspect, then substitutes a link for part of the path: a symbolic link or NTFS junction for a directory component, or a hard link for the file itself, pointing at a SYSTEM-owned target. When Defender acts on the original path, the operation follows the link and modifies the protected target. No user interaction is required and the attack complexity is low. For defenders sizing the exposure: standard users can create NTFS junctions in any directory they can write, NTFS file symbolic links require SeCreateSymbolicLinkPrivilege unless Developer Mode is enabled, and current Windows builds require write access to the target file before a hard link to it can be created, so junctions are the link type to expect most often in user-writable paths.
A functional public proof-of-concept is not currently available. See the Microsoft Security Update Guide for vendor-provided technical detail.
Detection Methods for CVE-2026-41091
Indicators of Compromise
- Creation of symbolic links, NTFS junctions, or hard links inside directories scanned by Microsoft Defender, particularly user-writable temp paths.
- Unexpected modifications to SYSTEM-owned files such as C:\Windows\System32 binaries or service DLLs immediately following a Defender scan or quarantine event.
- MsMpEng.exe performing file writes or deletions to paths outside the standard Defender working directories.
- New or modified service binaries, scheduled tasks, or DLLs in privileged locations correlated with low-privilege user activity.
Detection Strategies
- Monitor process telemetry for MsMpEng.exe and related Defender processes writing to or deleting files in protected system directories.
- Alert on creation of reparse points by non-administrative users in directories that Defender scans on demand or on access.
- Correlate Defender scan events with subsequent SYSTEM-context file modifications to detect link-following exploitation patterns.
- Track installation of unexpected services, drivers, or autoruns immediately after Defender file operations.
Monitoring Recommendations
- Enable Microsoft Defender tamper protection and forward Defender operational logs to a centralized SIEM for correlation.
- Audit filesystem object access (Event ID 4663) on sensitive system directories and on user-writable staging paths to capture reparse point manipulation. 4663 is only generated where a SACL on the object requests it and the "File System" audit subcategory is enabled via auditpol, so configure both before relying on it.
- Baseline normal MsMpEng.exe file activity and alert on deviations, especially writes outside ProgramData\Microsoft\Windows Defender.
- Review CISA KEV catalog status and prioritize remediation for hosts that have not received the patch.
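The detection strategies and the 4663 recommendation above are worked through here as an added example that is not part of the advisory: one function requests the telemetry (SACL plus audit policy), one flattens 4663 events from the Security log, and one correlates reparse-point staging by a non-privileged account with a later MsMpEng.exe write under a protected path. The correlation is exercised on constructed sample records so it runs offline; the protected and user-writable prefixes, the 60-second window, and the `<platform-version>` placeholder in the MsMpEng.exe path are assumptions to adjust for your estate.

```powershell
# Added example (not from the advisory): produce, collect and correlate the 4663
# telemetry the detection strategy relies on. Steps 1-2 use the real auditpol and
# Get-WinEvent interfaces; step 3 is exercised on constructed sample records.

# --- 1. Request the telemetry: File System audit subcategory plus a SACL on the
#        directory. Run elevated. Audits everyone's successful writes and deletes.
function Enable-DirectoryWriteAuditing {
    param([Parameter(Mandatory)][string]$Directory)
    & auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null
    $acl    = Get-Acl -LiteralPath $Directory -Audit
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, WriteAttributes, Delete'
    $rule   = [System.Security.AccessControl.FileSystemAuditRule]::new(
                  'Everyone', $rights,
                  [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
                  [System.Security.AccessControl.PropagationFlags]::None,
                  [System.Security.AccessControl.AuditFlags]::Success)
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Directory -AclObject $acl
}

# --- 2. Collect: flatten 4663 into the record shape the correlator expects.
#        SYSTEM appears in 4663 as the computer account (e.g. WS01$), not "SYSTEM".
function Get-FileAccessEvent {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $Since } -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = @{}
            foreach ($f in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
            [pscustomobject]@{ Time = $_.TimeCreated; User = $d['SubjectUserName']
                               Process = $d['ProcessName']; Object = $d['ObjectName'] }
        }
}

# --- 3. Correlate: MsMpEng.exe touching a protected path within $Window after a
#        non-privileged account wrote somewhere user-controlled.
function Find-LinkFollowingCandidate {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [string[]]$ProtectedPrefixes    = @('C:\Windows\System32\', 'C:\Windows\SysWOW64\', 'C:\Program Files\'),
        [string[]]$UserWritablePrefixes = @('C:\Users\', 'C:\Windows\Temp\'),
        [timespan]$Window = [timespan]::FromSeconds(60)
    )
    $staging = $Events | Where-Object {
        $e = $_
        $e.User -ne 'SYSTEM' -and $e.User -notlike '*$' -and
        ($UserWritablePrefixes | Where-Object { $e.Object.StartsWith($_, 'OrdinalIgnoreCase') })
    }
    $privileged = $Events | Where-Object {
        $e = $_
        $e.Process -like '*\MsMpEng.exe' -and
        ($ProtectedPrefixes | Where-Object { $e.Object.StartsWith($_, 'OrdinalIgnoreCase') })
    }
    foreach ($w in $privileged) {
        $prior = @($staging | Where-Object { $_.Time -le $w.Time -and ($w.Time - $_.Time) -le $Window })
        if ($prior.Count -gt 0) {
            [pscustomobject]@{
                At              = $w.Time
                PrivilegedWrite = $w.Object
                StagedBy        = ($prior.User | Sort-Object -Unique) -join ','
                StagedPaths     = ($prior.Object | Sort-Object -Unique) -join '; '
            }
        }
    }
}

# --- 4. Constructed sample records (not real log data) in the shape step 2 emits.
$t0    = Get-Date '2026-05-21T10:00:00'
$mpeng = 'C:\ProgramData\Microsoft\Windows Defender\Platform\<platform-version>\MsMpEng.exe'
$sample = @(
    [pscustomobject]@{ Time = $t0;                User = 'alice'; Process = 'C:\Windows\System32\cmd.exe'; Object = 'C:\Users\alice\AppData\Local\Temp\scan\sub' }
    [pscustomobject]@{ Time = $t0.AddSeconds(12); User = 'WS01$'; Process = $mpeng;                        Object = 'C:\Windows\System32\drivers\example.sys' }
    [pscustomobject]@{ Time = $t0.AddMinutes(30); User = 'WS01$'; Process = $mpeng;                        Object = 'C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\x' }
    [pscustomobject]@{ Time = $t0.AddMinutes(45); User = 'bob';   Process = 'C:\Windows\explorer.exe';     Object = 'C:\Users\bob\Documents\notes.txt' }
)
Find-LinkFollowingCandidate -Events $sample | Format-List
```

On the sample data only the 10:00:12 write to `drivers\example.sys` is reported, attributed to alice's staging activity 12 seconds earlier; the later quarantine write is inside Defender's own directory and bob's write has no privileged follow-up. On a live host, feed `Get-FileAccessEvent` into `Find-LinkFollowingCandidate` after `Enable-DirectoryWriteAuditing` has been applied to the staging paths; expect to tune the prefixes and window, because legitimate remediation by MsMpEng.exe under Program Files will otherwise surface as candidates.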
How to Mitigate CVE-2026-41091
Immediate Actions Required
- Apply the Microsoft security update for the Malware Protection Engine as referenced in the Microsoft Security Update Guide.
- Confirm that the Malware Protection Engine version on every endpoint is updated, since the engine updates independently of Windows cumulative updates.
- Prioritize federal and regulated environments per CISA Known Exploited Vulnerabilities guidance.
- Audit endpoints for indicators of prior exploitation before assuming patched systems are clean.
Patch Information
Microsoft has released an updated Malware Protection Engine that corrects the link resolution logic. Engine updates deploy automatically alongside security intelligence updates through Microsoft Update, Windows Server Update Services (WSUS), Microsoft Configuration Manager, or Intune; they are separate from the monthly cumulative update. Administrators should verify the deployed engine version on managed endpoints and trigger a manual signature and engine update where automatic delivery is disabled. Refer to the Microsoft Security Update Guide for the fixed engine version and deployment guidance.
Workarounds
- Restrict interactive logon and local access on high-value hosts to limit who can stage link-following payloads.
- Enforce least privilege and tighten ACLs so standard users cannot write into directories that privileged processes treat as trusted (quarantine, platform, and update locations). Users can always create junctions inside directories they own, so this narrows rather than removes the attack surface.
- Enable Defender tamper protection and attack surface reduction rules to limit secondary post-exploitation behavior.
- Treat patching as the primary remediation; workarounds do not fully neutralize the underlying link resolution flaw.
# Verify Microsoft Defender engine and signature versions on Windows.
# Compare AMEngineVersion with the fixed engine version listed in the Microsoft
# Security Update Guide; the engine updates with security intelligence, not
# with the monthly cumulative update.
Get-MpComputerStatus | Select-Object AMEngineVersion, AMProductVersion, AntivirusSignatureVersion, AMServiceVersion, AntivirusSignatureLastUpdated
# Force an immediate signature and engine update from Microsoft Update
Update-MpSignature -UpdateSource MicrosoftUpdateServer
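To extend the single-host check above across a fleet, the following added example (not from the advisory or from Microsoft) compares each host's AMEngineVersion with the fixed version you read from the Security Update Guide and, optionally, forces an update where a host is behind. No fixed version is assumed; it is supplied at run time. Remote hosts are reached over WinRM via Invoke-Command, which is an assumption about your environment.

```powershell
# Added example (not from the advisory): sweep hosts for an out-of-date Malware
# Protection Engine and optionally trigger an update. $FixedEngineVersion comes
# from the Microsoft Security Update Guide; nothing here hardcodes a version.
function Test-DefenderEngineVersion {
    param(
        [Parameter(Mandatory)][version]$FixedEngineVersion,
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [switch]$Remediate
    )
    $probe = { Get-MpComputerStatus -ErrorAction Stop |
               Select-Object AMEngineVersion, AMProductVersion, AntivirusSignatureVersion }
    $fix   = { Update-MpSignature -UpdateSource MicrosoftUpdateServer }

    foreach ($target in $ComputerName) {
        $local = $target -eq $env:COMPUTERNAME
        try {
            $s = if ($local) { & $probe } else { Invoke-Command -ComputerName $target -ScriptBlock $probe -ErrorAction Stop }
        } catch {
            [pscustomobject]@{ Computer = $target; Engine = $null; Fixed = $FixedEngineVersion; Patched = $null; Note = $_.Exception.Message }
            continue
        }
        if (-not $s.AMEngineVersion) {
            [pscustomobject]@{ Computer = $target; Engine = $null; Fixed = $FixedEngineVersion; Patched = $null; Note = 'no engine status returned' }
            continue
        }
        $engine  = [version]$s.AMEngineVersion
        $patched = $engine -ge $FixedEngineVersion   # System.Version compares numerically, not as text
        $note    = ''
        if (-not $patched -and $Remediate) {
            if ($local) { & $fix } else { Invoke-Command -ComputerName $target -ScriptBlock $fix }
            $note = 'update triggered; re-check after it completes'
        }
        [pscustomobject]@{ Computer = $target; Engine = $engine; Fixed = $FixedEngineVersion; Patched = $patched; Note = $note }
    }
}

# Usage: read the fixed engine version from the Security Update Guide, then sweep.
$fixed = Read-Host 'Fixed engine version from the Microsoft Security Update Guide (format 1.1.x.y)'
Test-DefenderEngineVersion -FixedEngineVersion $fixed -ComputerName $env:COMPUTERNAME | Format-Table -AutoSize
```

Pass `-ComputerName` a list of hosts and `-Remediate` to trigger `Update-MpSignature` on the laggards; re-run without `-Remediate` afterwards, since the update runs asynchronously and the engine version only changes once it completes. Hosts where the probe fails (no WinRM, Defender disabled or replaced) are reported with the error in the Note column rather than silently skipped.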
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.