Threat actors are now exploiting in the wild two recently disclosed vulnerabilities in a core platform protection component. Attackers are chaining the two within multi-stage malware frameworks to reliably crash the antivirus protection layer and seize administrative control of the host.
The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, affect Microsoft's Malware Protection Engine and the associated Antimalware Platform. The first flaw lets a low-privilege script environment manipulate the engine's link resolution functions to escalate locally to a SYSTEM shell. The companion bug lets an unprivileged process trigger service termination errors, which in turn blocks the engine from pulling updated signature definitions.
Disabling host-level visibility by exploiting faults in the protection software itself is a deliberate technique for neutralizing local security monitoring. Once initial access is achieved, adversaries use these exploits to suppress security logs, drop additional operational tooling, and change critical endpoint settings without triggering defensive alerts.
– Verify that workstation fleets have successfully updated to Malware Protection Engine version 1.1.26040.8 or higher.
– Apply strict application control so that unverified executables cannot launch from local temporary directories.
– Monitor centralized event consoles for unexpected or repeated antimalware service stop or disconnect states.
– Prevent unprivileged accounts from creating or changing directory links in the affected paths, which breaks the privilege escalation chain.
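As an added example (not code from the post or from Microsoft), the Python script below operationalises the first and third points: it compares reported engine versions against 1.1.26040.8 and flags hosts whose antimalware service terminated unexpectedly or failed definition updates several times in a short window. Event IDs 7034 and 2001 are standard Windows ones chosen for this check; host names, timestamps and the record layout are constructed sample data.

```python
"""Triage for two mitigations above: engines below the fixed build, and hosts whose
antimalware service crashes or fails updates in a burst. Sample data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

FIXED_ENGINE = (1, 1, 26040, 8)  # 1.1.26040.8, the version named above
# Suspect (provider, event id) pairs: SCM 7034 = service terminated
# unexpectedly; Defender operational 2001 = security intelligence update failed.
SUSPECT_EVENTS = {("Service Control Manager", 7034),
                  ("Microsoft-Windows-Windows Defender", 2001)}

def parse_version(text):
    """'1.1.26030.1' -> (1, 1, 26030, 1): compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def engine_outdated(version):
    return parse_version(version) < FIXED_ENGINE

def outdated_hosts(engine_by_host):
    return sorted(h for h, v in engine_by_host.items() if engine_outdated(v))

def rapid_defender_faults(events, window=timedelta(minutes=10), threshold=3):
    """{host: count} for hosts with >= threshold suspect events inside any
    sliding window; one crash is noise, a burst suggests deliberate tampering."""
    per_host = defaultdict(list)
    for ev in events:
        if (ev["provider"], ev["event_id"]) in SUSPECT_EVENTS:
            per_host[ev["host"]].append(datetime.fromisoformat(ev["time"]))
    flagged = {}
    for host, times in per_host.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop events that fell out of the window
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = max(flagged.get(host, 0), end - start + 1)
    return flagged

# Constructed sample: ws01 faults three times in four minutes; ws02 logs one
# benign state change (7036) and one isolated crash hours later.
SAMPLE_ENGINE = {"ws01": "1.1.26030.1", "ws02": "1.1.26040.8", "ws03": "1.1.26050.2"}
SAMPLE_EVENTS = [
    {"host": "ws01", "time": "2026-05-04T09:00:05", "provider": "Service Control Manager", "event_id": 7034},
    {"host": "ws01", "time": "2026-05-04T09:01:40", "provider": "Microsoft-Windows-Windows Defender", "event_id": 2001},
    {"host": "ws01", "time": "2026-05-04T09:03:12", "provider": "Service Control Manager", "event_id": 7034},
    {"host": "ws02", "time": "2026-05-04T09:00:00", "provider": "Service Control Manager", "event_id": 7036},
    {"host": "ws02", "time": "2026-05-04T13:30:00", "provider": "Service Control Manager", "event_id": 7034},
]
```

Running `outdated_hosts(SAMPLE_ENGINE)` and `rapid_defender_faults(SAMPLE_EVENTS)` on the sample returns `['ws01']` and `{'ws01': 3}`; point the same functions at a real inventory export and event-log dump to triage a fleet.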
Workstation resilience depends on ensuring that the primary security components are fully isolated from link manipulation payloads designed to obtain administrative control. #CodeDefence #Microsoft #Defender #CISA #KEV #PrivilegeEscalation
