## https://sploitus.com/exploit?id=F35CF8F2-A192-56B7-A6B5-B39F85D5F791
# Microsoft Defender Vulnerability Scanner ๐ก๏ธ
**CVE-2026-41091** (Local Privilege Escalation to SYSTEM) + **CVE-2026-45498** (Denial of Service)
Actively exploited in the wild โ CISA KEV May 20, 2026.
## Features
- Checks Windows Defender configuration
- Detects vulnerable Defender versions
- Identifies Defender processes running as SYSTEM
- Remote scanning capability
- Detailed mitigation checklist
## Installation
```bash
git clone https://github.com/ridhinva/defender-vulnerability-scanner.git
cd defender-vulnerability-scanner
```
## Usage
```bash
python3 defender_scanner.py # Local system check
python3 defender_scanner.py --remote # Remote target
python3 defender_scanner.py --checklist # Manual checklist
python3 defender_scanner.py --json # JSON output
```
## How It Works
Queries Windows Defender via PowerShell cmdlets (`Get-MpComputerStatus`) to check real-time protection status, engine version, and running processes. Compares version against the patched threshold (4.18.2405.7). CVE-2026-41091 allows a local attacker to gain SYSTEM privileges via a link following vulnerability in Defender's file handling. CVE-2026-45498 enables DoS via specially crafted files.
## References
- CVE-2026-41091: Microsoft Defender LPE
- CVE-2026-45498: Microsoft Defender DoS
- CISA KEV: Added 2026-05-20
## Author
@c_y_p_h3r