Advanced threat groups are refining exploit scripts that abuse a logic flaw inside core security drivers to disable endpoint monitoring and elevate their privileges. The scripts rely on improper pointer handling during file-system verification routines to trick the underlying protective components.
The vulnerabilities, tracked as CVE-2026-41091 and CVE-2026-45498, affect the Microsoft Malware Protection Engine and the associated Antimalware Platform developed by Microsoft. The primary exploit route is improper link resolution before file access operations, which lets a low-privilege script make the high-privilege service account follow redirected folders. Threat clusters are incorporating this vector into post-exploitation workflows to reliably spawn command prompts running with full SYSTEM privileges.
Escalating privileges through defects in the security utility itself is a deliberate strategy to blind endpoint logging. Once low-privilege access to an asset is obtained through identity-focused phishing or web exploits, threat groups deploy this link-following script to stop the engine from processing updated signature definitions, allowing secondary payloads to run without triggering alerts.
– Confirm that all enterprise workstations have successfully processed and updated to Malware Protection Engine version 1.1.26040.8 or higher.
– Apply strict group policies that block unprivileged users from creating symbolic links on local storage.
– Monitor centralized server dashboards for unexpected or rapid antimalware agent disconnection trends across the workstation fleet.
– Restrict binary installation from temporary user directories to break the initialization phase of local privilege-escalation payloads.
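As an added example, not code from the post, the following PowerShell check covers the first two points above: it reads the local engine version and reports whether it meets the stated minimum, and it exports the local security policy to see which accounts hold the "Create symbolic links" user right. It assumes the Defender PowerShell module is available and that the session is elevated (secedit needs it).

```powershell
# Added example, not from the original post. Assumes the Defender module
# (Get-MpComputerStatus) is present and the session is elevated.
$MinimumEngine = [version]'1.1.26040.8'   # minimum version named in the post

function Test-DefenderEngineVersion {
    # AMEngineVersion is a string such as "1.1.24010.10"; cast to [version]
    # so the comparison is numeric per component, not a string compare.
    $status  = Get-MpComputerStatus
    $current = [version]$status.AMEngineVersion
    [pscustomobject]@{
        Check     = 'EngineVersion'
        Current   = $current.ToString()
        Required  = $MinimumEngine.ToString()
        Compliant = ($current -ge $MinimumEngine) -and $status.AMServiceEnabled
    }
}

function Test-SymlinkPrivilegeHolders {
    # Export the local security policy and read the holders of
    # SeCreateSymbolicLinkPrivilege (the "Create symbolic links" user right).
    $cfg = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    secedit.exe /export /cfg $cfg | Out-Null
    try {
        $line = Get-Content $cfg |
            Where-Object { $_ -match '^SeCreateSymbolicLinkPrivilege\s*=' }
        # Value looks like "*S-1-5-32-544,*S-1-5-32-545"; strip the leading '*'.
        $sids = if ($line) {
            ($line -split '=', 2)[1].Trim() -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') }
        } else { @() }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
    # Administrators (S-1-5-32-544) is the expected holder. Users (S-1-5-32-545),
    # Authenticated Users (S-1-5-11) or Everyone (S-1-1-0) means unprivileged
    # accounts can create symbolic links, which the post says to block.
    $broad = @('S-1-5-32-545', 'S-1-5-11', 'S-1-1-0')
    [pscustomobject]@{
        Check     = 'SymlinkRight'
        Holders   = ($sids -join ', ')
        Compliant = -not ($sids | Where-Object { $broad -contains $_ })
    }
}

Test-DefenderEngineVersion
Test-SymlinkPrivilegeHolders
```

Run it per host (or through your management tooling) and alert on any object whose Compliant field is False.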
Endpoint protection stability depends entirely on isolating primary security drivers from file-manipulation tools engineered to obtain unauthorized administrative privileges. #CodeDefence #Microsoft #Defender #CISA #KEV #PrivilegeEscalation
