criticalCISA KEVCVE-2026-45498

Microsoft Defender Denial of Service Vulnerability

Microsoft Defender contains an unspecified vulnerability that allows for denial of service.

ProductDefender
CVSS4.0
EPSS0.63076
UpdatedJuly 9, 2026

Quick answer

Microsoft Defender should be reviewed and updated if it matches the affected versions. The recommended fix is to apply the vendor-supported patched version or the mitigation steps below, then retest the public website with Fixnx.

Who is affected

Affected versions

  • Review vendor advisory for affected versions.

Fixed versions

  • Apply the latest vendor-supported patched version.

How to fix it

CVE-2026-45498 is a Microsoft Defender denial-of-service vulnerability listed as exploited in CISA KEV. Update the Microsoft Defender Antimalware Platform across all endpoints, servers, and workloads; NVD shows versions before 4.18.26040.7 as affected. Most environments receive Defender platform updates automatically, but administrators should verify rollout instead of assuming every device has updated.

  1. Inventory endpoints and servers running Microsoft Defender Antimalware Platform.
  2. Force Microsoft Defender platform updates through Windows Update, Microsoft Defender for Endpoint, Intune, WSUS, or the approved enterprise channel.
  3. Confirm devices update to Microsoft Defender Antimalware Platform 4.18.26040.7 or later.
  4. Investigate devices that are offline, update-blocked, unsupported, or excluded from normal Defender platform updates.
  5. Review Defender health, service stability, and crash or resource-consumption events during the exposure window.
  6. Keep security intelligence, engine, and platform updates enabled for automatic delivery after remediation.
  7. Prioritize internet-facing servers, security tooling hosts, and systems where Defender availability is critical.

Scan now. Google sign-in is only needed to unlock fix guidance.

Verify the fix

  • Run Get-MpComputerStatus or your EDR inventory query and confirm Defender platform version 4.18.26040.7 or later.
  • Verify Defender services are running and healthy after the platform update.
  • Confirm management reports show no remaining vulnerable or stale devices.
  • Review Defender and Windows event logs for repeated service crashes or abnormal resource consumption.
  • Run a Fixnx scan for public services hosted on updated Windows systems.

Related categories

Trusted references

FAQ

What is affected by CVE-2026-45498?

Microsoft Defender should be checked against the vendor advisory and trusted references linked on this page.

What should I fix first?

Start with internet-facing sites, admin panels, login flows, plugins, themes, modules, packages, and systems that process user-controlled input or sensitive data.

How do I confirm the fix worked?

Apply the patched version or mitigation, clear caches where relevant, retest the affected workflow, and run a new Fixnx scan to verify public website exposure signals.

Why can this risk appear in multiple categories?

A vulnerability can belong to more than one platform or ecosystem. Fixnx keeps one canonical risk page while also listing it in every relevant category.