{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-45584/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-45584"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Defender"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-45584","heap-overflow","rce","microsoft-defender"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-45584 is a critical vulnerability affecting Microsoft Defender. This heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code on a vulnerable system over a network. The vulnerability was published on May 20, 2026. Successful exploitation could lead to a complete compromise of the affected system, potentially allowing the attacker to steal sensitive data, install malware, or disrupt critical services. \nDefenders need to ensure Microsoft Defender is up to date to mitigate this risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker sends a specially crafted network packet to the targeted system.\u003c/li\u003e\n\u003cli\u003eMicrosoft Defender processes the malicious packet.\u003c/li\u003e\n\u003cli\u003eThe packet triggers a heap-based buffer overflow within Defender\u0026rsquo;s processing logic.\u003c/li\u003e\n\u003cli\u003eThe overflow allows the attacker to overwrite adjacent memory regions on the heap.\u003c/li\u003e\n\u003cli\u003eThe attacker carefully crafts the overflow data to inject malicious code into the process.\u003c/li\u003e\n\u003cli\u003eThe injected code is designed to execute with the privileges of the Microsoft Defender service.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code executes, granting control over the system.\u003c/li\u003e\n\u003cli\u003eThe attacker can now perform actions such as installing malware, exfiltrating data, or establishing persistence.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-45584 allows a remote, unauthenticated attacker to execute arbitrary code on a system running Microsoft Defender. This could lead to complete system compromise, data theft, malware installation, and denial of service. \nGiven the widespread use of Microsoft Defender, a successful attack could have a significant impact across many organizations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update released by Microsoft to address CVE-2026-45584 on all systems running Microsoft Defender immediately.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious patterns indicative of exploitation attempts targeting this vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided in this brief to your SIEM to detect potential exploitation activity.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-20T13:19:27Z","date_published":"2026-05-20T13:19:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-45584-defender-rce/","summary":"CVE-2026-45584 is a heap-based buffer overflow vulnerability in Microsoft Defender that allows an unauthorized attacker to execute arbitrary code over a network.","title":"CVE-2026-45584 - Microsoft Defender Heap-based Buffer Overflow RCE","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-45584-defender-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-45584","version":"https://jsonfeed.org/version/1.1"}