CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability
Summary
A denial-of-service vulnerability has been identified in Microsoft Defender. CISA has issued a directive requiring agencies to apply mitigations by June 3, 2026, or discontinue use if mitigations are not available. Whether this vulnerability has been used in ransomware campaigns is currently unknown.
IFF Assessment
This vulnerability allows a denial-of-service attack, which directly impacts the availability of critical security software and hinders defenders' ability to protect systems.
Severity
The vulnerability allows denial of service, which is a significant impact. While the attack vector is unspecified, the potential for disruption to a widely used security product warrants a high score, and the exploitability is likely moderate.
CISA KEV: Listed as actively exploited. Federal patch due: June 03, 2026. Known ransomware use: Unknown.
Defender Context
Defenders must prioritize patching or applying mitigations for Microsoft Defender to prevent potential denial-of-service attacks that could cripple endpoint protection. The prompt federal due date reflects the severity and the potential for exploitation.