<![CDATA[https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584]]>

Security Update Guide - Microsoft Security Response Center

favicon

(msrc.microsoft.com)

One job. You had one job.

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

]]>https://board.circlewithadot.net/topic/3d6d235c-ddf4-4cb3-816c-f23f5b8e9f16/https-msrc.microsoft.com-update-guide-vulnerability-cve-2026-45584RSS for NodeMon, 25 May 2026 14:27:38 GMTWed, 20 May 2026 20:16:24 GMT60<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Thu, 21 May 2026 05:09:59 GMT]]>@nyanbinary they should fire more engineers, so they have more funds for copilot tokens

]]>https://board.circlewithadot.net/post/https://chaos.social/users/swym/statuses/116610839292779932https://board.circlewithadot.net/post/https://chaos.social/users/swym/statuses/116610839292779932Thu, 21 May 2026 05:09:59 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 22:37:14 GMT]]>@catsalad I stripped Defender out of my Windows 10 LTSC installs and just use my estranged parents' Kaspersky family license lol

]]>https://board.circlewithadot.net/post/https://ioc.exchange/ap/users/116596538263481113/statuses/116609294952941907https://board.circlewithadot.net/post/https://ioc.exchange/ap/users/116596538263481113/statuses/116609294952941907Wed, 20 May 2026 22:37:14 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 22:14:35 GMT]]>@catsalad @nyanbinary

Was it Defender that would execute JS without a sandbox and was trivially exploitable likeā€¦a few years ago? I think that was them.

]]>https://board.circlewithadot.net/post/https://mastodon.well.com/users/rk/statuses/116609205879589783https://board.circlewithadot.net/post/https://mastodon.well.com/users/rk/statuses/116609205879589783Wed, 20 May 2026 22:14:35 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 22:01:47 GMT]]>@nyanbinary

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/Viss/statuses/116609155569498978https://board.circlewithadot.net/post/https://mastodon.social/users/Viss/statuses/116609155569498978Wed, 20 May 2026 22:01:47 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 21:55:39 GMT]]>@nyanbinary

Link Preview Image
]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/malwareminigun/statuses/116609131453306931https://board.circlewithadot.net/post/https://infosec.exchange/users/malwareminigun/statuses/116609131453306931Wed, 20 May 2026 21:55:39 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 21:48:26 GMT]]>@nyanbinary I'm sure they learned their lesson and won't let it ever happen again!

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/catsalad/statuses/116609103096176828https://board.circlewithadot.net/post/https://infosec.exchange/users/catsalad/statuses/116609103096176828Wed, 20 May 2026 21:48:26 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 20:39:54 GMT]]>@nyanbinary maybe the 11 in windows 11 meant the cvss score?

]]>https://board.circlewithadot.net/post/https://social.linux.pizza/users/bws/statuses/116608833553699645https://board.circlewithadot.net/post/https://social.linux.pizza/users/bws/statuses/116608833553699645Wed, 20 May 2026 20:39:54 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 20:27:39 GMT]]>@LucasWerkmeister the best defense is a good offense. This is why the A in AV now stands for Agentic, performing fully autonomous cyber offense operations from your laptop!

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/nyanbinary/statuses/116608785394151718https://board.circlewithadot.net/post/https://infosec.exchange/users/nyanbinary/statuses/116608785394151718Wed, 20 May 2026 20:27:39 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 20:25:58 GMT]]>

Successful exploitation of this vulnerability would require a remote, unauthenticated attacker to entice a local user to take multiple actions that results in Defender scanning a malicious file that has been quarantined.

This is something I love about some AV vulnerabilities - intentionally triggering detections as part of exploitation. Also had that with the Nightmare Eclipse Defender vulns & also had me giggle there . I just ... feels right!

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/nyanbinary/statuses/116608778810205026https://board.circlewithadot.net/post/https://infosec.exchange/users/nyanbinary/statuses/116608778810205026Wed, 20 May 2026 20:25:58 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 20:25:39 GMT]]>@nyanbinary Microsoft Offender

]]>https://board.circlewithadot.net/post/https://wikis.world/users/LucasWerkmeister/statuses/116608777526580975https://board.circlewithadot.net/post/https://wikis.world/users/LucasWerkmeister/statuses/116608777526580975Wed, 20 May 2026 20:25:39 GMT<![CDATA[Reply to https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584 on Wed, 20 May 2026 20:22:33 GMT]]>@nyanbinary Ouch.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/adulau/statuses/116608765357676108https://board.circlewithadot.net/post/https://infosec.exchange/users/adulau/statuses/116608765357676108Wed, 20 May 2026 20:22:33 GMT