CIRCLE WITH A DOT

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584

12 Posts 10 Posters 0 Views

N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
L This user is from outside of this forum
L This user is from outside of this forum
lucaswerkmeister@wikis.world

wrote last edited by

#3

@nyanbinary Microsoft Offender
N 1 Reply Last reply

0
N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
N This user is from outside of this forum
N This user is from outside of this forum
nyanbinary@infosec.exchange

wrote last edited by

#4

Successful exploitation of this vulnerability would require a remote, unauthenticated attacker to entice a local user to take multiple actions that results in Defender scanning a malicious file that has been quarantined.
This is something I love about some AV vulnerabilities - intentionally triggering detections as part of exploitation. Also had that with the Nightmare Eclipse Defender vulns & also had me giggle there . I just ... feels right!
1 Reply Last reply

0
L lucaswerkmeister@wikis.world

@nyanbinary Microsoft Offender
N This user is from outside of this forum
N This user is from outside of this forum
nyanbinary@infosec.exchange

wrote last edited by

#5

@LucasWerkmeister the best defense is a good offense. This is why the A in AV now stands for Agentic, performing fully autonomous cyber offense operations from your laptop!
1 Reply Last reply

0
N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
B This user is from outside of this forum
B This user is from outside of this forum
bws@social.linux.pizza

wrote last edited by

#6

@nyanbinary maybe the 11 in windows 11 meant the cvss score?
1 Reply Last reply

0
N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
C This user is from outside of this forum
C This user is from outside of this forum
catsalad@infosec.exchange

wrote last edited by

#7

@nyanbinary I'm sure they learned their lesson and won't let it ever happen again!
R A 2 Replies Last reply

0
N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
M This user is from outside of this forum
M This user is from outside of this forum
malwareminigun@infosec.exchange

wrote last edited by

#8

@nyanbinary
1 Reply Last reply

0
N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
V This user is from outside of this forum
V This user is from outside of this forum
viss@mastodon.social

wrote last edited by

#9

@nyanbinary
1 Reply Last reply

0
C catsalad@infosec.exchange

@nyanbinary I'm sure they learned their lesson and won't let it ever happen again!
R This user is from outside of this forum
R This user is from outside of this forum
rk@mastodon.well.com

wrote last edited by

#10

@catsalad @nyanbinary
Was it Defender that would execute JS without a sandbox and was trivially exploitable like…a few years ago? I think that was them.
1 Reply Last reply

0
C catsalad@infosec.exchange

@nyanbinary I'm sure they learned their lesson and won't let it ever happen again!
A This user is from outside of this forum
A This user is from outside of this forum
abt1181@ioc.exchange

wrote last edited by

#11

@catsalad I stripped Defender out of my Windows 10 LTSC installs and just use my estranged parents' Kaspersky family license lol
1 Reply Last reply
1
0
R relay@relay.infosec.exchange shared this topic

R relay@relay.publicsquare.global shared this topic
N nyanbinary@infosec.exchange

Security Update Guide - Microsoft Security Response Center

(msrc.microsoft.com)

One job. You had one job.
Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
S This user is from outside of this forum
S This user is from outside of this forum
swym@chaos.social

wrote last edited by

#12

@nyanbinary they should fire more engineers, so they have more funds for copilot tokens
1 Reply Last reply

0
R relay@relay.an.exchange shared this topic

Log in to reply