Share
## https://sploitus.com/exploit?id=F35CF8F2-A192-56B7-A6B5-B39F85D5F791
# Microsoft Defender Vulnerability Scanner ๐Ÿ›ก๏ธ

**CVE-2026-41091** (Local Privilege Escalation to SYSTEM) + **CVE-2026-45498** (Denial of Service)

Actively exploited in the wild โ€” CISA KEV May 20, 2026.

## Features
- Checks Windows Defender configuration
- Detects vulnerable Defender versions
- Identifies Defender processes running as SYSTEM
- Remote scanning capability
- Detailed mitigation checklist

## Installation
```bash
git clone https://github.com/ridhinva/defender-vulnerability-scanner.git
cd defender-vulnerability-scanner
```

## Usage
```bash
python3 defender_scanner.py                   # Local system check
python3 defender_scanner.py --remote    # Remote target
python3 defender_scanner.py --checklist       # Manual checklist
python3 defender_scanner.py --json            # JSON output
```

## How It Works
Queries Windows Defender via PowerShell cmdlets (`Get-MpComputerStatus`) to check real-time protection status, engine version, and running processes. Compares version against the patched threshold (4.18.2405.7). CVE-2026-41091 allows a local attacker to gain SYSTEM privileges via a link following vulnerability in Defender's file handling. CVE-2026-45498 enables DoS via specially crafted files.

## References
- CVE-2026-41091: Microsoft Defender LPE
- CVE-2026-45498: Microsoft Defender DoS
- CISA KEV: Added 2026-05-20

## Author
@c_y_p_h3r