Microsoft Defender Zero-Days: CISA Patch Deadline June 3
CISA added two actively exploited Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilities catalog on May 20, 2026. Federal agencies face a hard remediation deadline of June 3 under Binding Operational Directive 22-01. Private-sector MSPs are not legally bound by BOD 22-01, but ignoring a KEV listing for the endpoint protection platform running across your entire client base is a risk calculation that does not work in your favor.
The two CVEs target the Microsoft Malware Protection Engine and Defender Antimalware Platform directly. One grants SYSTEM-level privileges. The other disables Defender entirely. Both have confirmed in-the-wild exploitation, reported by Huntress alongside a third related Defender flaw. For MSPs managing dozens or hundreds of M365 tenants, this is not a routine Patch Tuesday footnote.
CVE-2026-41091: Local Privilege Escalation to SYSTEM
CVSS: 7.8 (High) Vulnerability type: Improper link resolution before file access (CWE-59) Affected component: Microsoft Malware Protection Engine
CVE-2026-41091 exploits a link-following flaw in the Malware Protection Engine. An attacker who already has local access to a machine can abuse Defender’s file-resolution logic to escalate from a standard user account to SYSTEM. Full control. Domain persistence. Lateral movement.
The attack requires local access, which means an initial foothold through phishing, compromised credentials, or another vulnerability must come first. That prerequisite might sound reassuring in isolation, but MSPs should recognize the pattern: privilege escalation flaws like this are the second stage of nearly every intrusion chain that ends in ransomware deployment. The attacker lands with low-privilege access, then immediately pivots to SYSTEM using whatever escalation path is available. When that path runs through the endpoint protection engine itself, the irony is structural.
The fix ships in Malware Protection Engine version 1.1.26040.8.
CVE-2026-45498: Denial of Service Against Defender
CVSS: 4.0 (Medium) Vulnerability type: Insufficient input validation Affected component: Microsoft Defender Antimalware Platform (versions 4.18.26030.3011 and earlier)
CVE-2026-45498 stems from insufficient validation of user-supplied input in Defender’s scanning engine. A specially crafted file, delivered through email, web download, or network share, triggers an input validation error when Defender’s real-time protection attempts to scan it. The result: Defender enters a denial-of-service state and stops functioning.
A CVSS score of 4.0 understates the operational impact. Broadcom’s threat intelligence team tracks this vulnerability under the name “UnDefend” for a reason. In a targeted attack, disabling the endpoint protection platform is not the objective; it is the prerequisite. An attacker chains CVE-2026-45498 to blind Defender, then drops the actual payload undetected. The CVSS score measures the DoS in isolation. The real-world risk includes everything that follows.
The fix ships in Antimalware Platform version 4.18.26040.7.
The Broader Attack Surface: RedSun, UnDefend, and BlueHammer
These two CVEs do not exist in a vacuum. Security researchers have linked the exploitation activity to RedSun and UnDefend, two Defender zero-days disclosed by the threat actor cluster known as Chaotic Eclipse (also tracked as Nightmare-Eclipse). Huntress has also observed parallel exploitation of BlueHammer (CVE-2026-33825), another Defender-adjacent flaw, suggesting a coordinated campaign targeting Microsoft’s endpoint security stack.
This activity arrives during an already heavy patch cycle. Microsoft’s May 2026 Patch Tuesday addressed 265 total vulnerabilities (137 Microsoft, 128 Chromium-based Edge), including 30 rated Critical. Among them: CVE-2026-41089, a CVSS 9.8 stack-based buffer overflow in Windows Netlogon allowing unauthenticated remote code execution on domain controllers, and CVE-2026-40402, a CVSS 9.3 Hyper-V escape enabling guest-to-host privilege escalation.
And then there is CVE-2026-35431: a CVSS 10.0 server-side request forgery in Microsoft Entra ID Entitlement Management. No authentication required. Low attack complexity. No user interaction needed. Microsoft patched this one server-side, so no customer action is required, but the fact that the identity platform underpinning every M365 tenant carried a maximum-severity SSRF underscores the point: the Microsoft security stack is under sustained pressure across multiple layers simultaneously.
What MSPs Should Do Before June 3
1. Verify Defender Platform and Engine Versions Across Every Tenant
Do not assume automatic updates have deployed. Run the following in an elevated PowerShell session on each endpoint, or push it through your RMM:
Get-MpComputerStatus | Select-Object AMProductVersion, AMEngineVersion, AntispywareSignatureVersion
Confirm:
- Antimalware Platform version is 4.18.26040.7 or later (fixes CVE-2026-45498)
- Engine version is 1.1.26040.8 or later (fixes CVE-2026-41091)
Any endpoint running Antimalware Platform 4.18.26030.3011 or earlier is vulnerable. Flag it, escalate it, patch it.
2. Check for Update Delivery Failures
Defender updates can fail silently when Windows Update is misconfigured, WSUS is stale, or group policies block automatic definition updates. Environments that manage Defender updates through Microsoft Endpoint Configuration Manager or WSUS rather than direct cloud delivery are especially prone to lag.
Query update status:
Get-MpComputerStatus | Select-Object AntivirusSignatureLastUpdated, AntispywareSignatureLastUpdated
If the last update timestamp is older than 48 hours, investigate the update channel before assuming the endpoint is protected.
3. Audit Defender Configuration Against CIS M365 Foundations Benchmark Controls
Patching addresses the specific CVEs. It does not address the configuration drift that determines how resilient your Defender deployment is when the next vulnerability lands. The CIS Microsoft 365 Foundations Benchmark includes specific controls for Defender configuration, including anti-spam filter settings, safe attachment policies, real-time protection posture, and connection filter configurations.
Key controls to validate:
- Real-time protection is enabled and enforced via policy, not left to endpoint-level settings that users or malware can disable.
- Cloud-delivered protection and automatic sample submission are active, ensuring Defender can leverage Microsoft’s cloud intelligence layer rather than relying solely on local signature databases.
- Anti-spam connection filter IP allow lists are not in use (CIS control 2.1.12). Manually maintained allow lists bypass spam filtering and create persistent blind spots.
- Connection filter safe list is disabled (CIS control 2.1.13). The safe list is dynamically managed by Microsoft, and enabling it locally introduces filtering inconsistencies.
- Audit logging is enabled and retained per benchmark requirements, so you have forensic visibility if exploitation has already occurred.
4. Do Not Wait for the CISA Deadline If You Are Not a Federal Agency
BOD 22-01 gives federal agencies until June 3. MSPs should treat that as the outer boundary, not the target. The vulnerabilities are being actively exploited now. The patches are available now. Every day an endpoint remains unpatched is a day where an attacker can escalate to SYSTEM or disable Defender entirely across a client environment.
Why This Matters Beyond Patching
Patching CVE-2026-41091 and CVE-2026-45498 is table stakes. The deeper question these vulnerabilities surface is one of architectural dependency.
MSPs that rely solely on Microsoft Defender for endpoint protection across their client base are placing a single bet. When the protection platform itself becomes the attack vector, the security model has a single point of failure at its foundation. March 2026 reporting from Office 365 IT Pros raised questions about Defender’s quality and Microsoft’s transparency practices after a 14-week gap between a Defender fix deployment and its public disclosure. That same platform now has two actively exploited zero-days in the same month.
This is not an argument against using Defender. It remains a capable endpoint protection platform with deep M365 integration. The argument is against treating any single vendor’s security tooling as a complete security posture.
Independent CIS benchmark assessments exist precisely for this scenario. They evaluate M365 security configuration against a vendor-neutral, industry-maintained baseline. They identify controls that are misconfigured, disabled, or missing regardless of which protection platform is in place. When the protection platform itself is compromised, the controls assessed by CIS benchmarks determine whether the blast radius is contained or unlimited.
An MSP that completed a CIS M365 Foundations Benchmark assessment in the last quarter would already know the state of Defender’s real-time protection enforcement, update delivery mechanisms, and audit logging across every tenant. That MSP can verify patch deployment with confidence and validate that no configuration drift occurred during the exploitation window. An MSP without that baseline is troubleshooting blind.
The Operational Takeaway
Patch the two Defender CVEs immediately. Verify the patch landed. Then ask the harder question: if the next zero-day hits Defender again, do you have independent visibility into the security configuration of every M365 tenant you manage, or are you entirely dependent on the tool that just failed?
The CIS Microsoft 365 Foundations Benchmark provides that independent visibility. It is not a regulation. It is not a compliance checkbox. It is a technical baseline maintained by practitioners, and it covers the exact controls that determine whether a Defender vulnerability becomes an isolated patching exercise or a client-wide incident.
June 3 is the federal deadline. For MSPs, the real deadline was May 20, when CISA confirmed active exploitation. Act accordingly.