Defender

CVEs (40)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-41091	Microsoft Defender	Hig	0.63	7.8	0.08	KEV	May 20, 2026	Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2017-0290	Microsoft Malware Protection Engine	Hig	0.60	7.8	0.77		May 9, 2017	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
CVE-2026-45584	Microsoft Defender	Hig	0.53	8.1	0.01		May 20, 2026	Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
CVE-2017-11937	Microsoft Malware Protection Engine	Hig	0.53	7.8	0.28		Dec 7, 2017	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…
CVE-2017-11940	Microsoft Malware Protection Engine	Hig	0.52	7.8	0.20		Dec 8, 2017	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…
CVE-2017-8536	Microsoft Exchange Server	Med	0.40	5.5	0.17		May 26, 2017	The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
CVE-2026-45498	Microsoft Defender	Med	0.38	4.0	0.63	KEV	May 20, 2026	Microsoft Defender Denial of Service Vulnerability
CVE-2021-1647	Microsoft Defender		0.18	—	0.40	KEV	Jan 12, 2021	Microsoft Defender Remote Code Execution Vulnerability
CVE-2024-29053	Microsoft Defender for IoT		0.01	—	0.03		Apr 9, 2024	Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2024-21324	Microsoft Defender for IoT		0.01	—	0.02		Apr 9, 2024	Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-21323	Microsoft Defender for IoT		0.01	—	0.03		Apr 9, 2024	Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2021-43888	Microsoft Defender for IoT		0.01	—	0.03		Dec 15, 2021	Microsoft Defender for IoT Information Disclosure Vulnerability
CVE-2021-31985	Microsoft Defender		0.01	—	0.08		Jun 8, 2021	Microsoft Defender Remote Code Execution Vulnerability
CVE-2019-1255	Microsoft Defender		0.01	—	0.04		Sep 23, 2019	A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
CVE-2025-62459	Microsoft Defender		0.00	—	0.00		Nov 20, 2025	Microsoft Defender Portal Spoofing Vulnerability
CVE-2024-38089	Microsoft Defender		0.00	—	0.01		Jul 9, 2024	Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-29054	Microsoft Defender for IoT		0.00	—	0.02		Apr 9, 2024	Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-29055	Microsoft Defender for IoT		0.00	—	0.02		Apr 9, 2024	Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-21322	Microsoft Defender for IoT		0.00	—	0.03		Apr 9, 2024	Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2023-33156	Microsoft Defender		0.00	—	0.00		Jul 11, 2023	Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-41091HigKEVMay 20, 2026
Microsoft
Defender
risk 0.63cvss 7.8epss 0.08
Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2017-0290HigMay 9, 2017
Microsoft
Malware Protection Engine
risk 0.60cvss 7.8epss 0.77
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
CVE-2026-45584HigMay 20, 2026
Microsoft
Defender
risk 0.53cvss 8.1epss 0.01
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
CVE-2017-11937HigDec 7, 2017
Microsoft
Malware Protection Engine
risk 0.53cvss 7.8epss 0.28
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…
CVE-2017-11940HigDec 8, 2017
Microsoft
Malware Protection Engine
risk 0.52cvss 7.8epss 0.20
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and…
CVE-2017-8536MedMay 26, 2017
Microsoft
Exchange Server
risk 0.40cvss 5.5epss 0.17
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server…
CVE-2026-45498MedKEVMay 20, 2026
Microsoft
Defender
risk 0.38cvss 4.0epss 0.63
Microsoft Defender Denial of Service Vulnerability
CVE-2021-1647KEVJan 12, 2021
Microsoft
Defender
risk 0.18cvss —epss 0.40
Microsoft Defender Remote Code Execution Vulnerability
CVE-2024-29053Apr 9, 2024
Microsoft
Defender for IoT
risk 0.01cvss —epss 0.03
Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2024-21324Apr 9, 2024
Microsoft
Defender for IoT
risk 0.01cvss —epss 0.02
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-21323Apr 9, 2024
Microsoft
Defender for IoT
risk 0.01cvss —epss 0.03
Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2021-43888Dec 15, 2021
Microsoft
Defender for IoT
risk 0.01cvss —epss 0.03
Microsoft Defender for IoT Information Disclosure Vulnerability
CVE-2021-31985Jun 8, 2021
Microsoft
Defender
risk 0.01cvss —epss 0.08
Microsoft Defender Remote Code Execution Vulnerability
CVE-2019-1255Sep 23, 2019
Microsoft
Defender
risk 0.01cvss —epss 0.04
A denial of service vulnerability exists when Microsoft Defender improperly handles files, aka 'Microsoft Defender Denial of Service Vulnerability'.
CVE-2025-62459Nov 20, 2025
Microsoft
Defender
risk 0.00cvss —epss 0.00
Microsoft Defender Portal Spoofing Vulnerability
CVE-2024-38089Jul 9, 2024
Microsoft
Defender
risk 0.00cvss —epss 0.01
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-29054Apr 9, 2024
Microsoft
Defender for IoT
risk 0.00cvss —epss 0.02
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-29055Apr 9, 2024
Microsoft
Defender for IoT
risk 0.00cvss —epss 0.02
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-21322Apr 9, 2024
Microsoft
Defender for IoT
risk 0.00cvss —epss 0.03
Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2023-33156Jul 11, 2023
Microsoft
Defender
risk 0.00cvss —epss 0.00
Microsoft Defender Elevation of Privilege Vulnerability

Page 1 of 2