Executive Summary
CVE-2026-41091 is a high-severity (CVSS 7.8) local privilege escalation vulnerability in the Microsoft Malware Protection Engine (MMPE) — the scanning component at the core of Microsoft Defender Antivirus. By planting a malicious symbolic link before Defender accesses a file, a low-privilege authenticated attacker can redirect Defender’s high-privilege file operations to an arbitrary system target, achieving SYSTEM-level write or delete access. CISA added this to the Known Exploited Vulnerabilities catalog on May 20, 2026, confirming active exploitation in the wild. A patch is available and should be applied immediately.
Affected Versions
Vulnerable: Microsoft Malware Protection Engine (MMPE) prior to version 1.1.26040.8
The MMPE version is distinct from the Defender application version. To check your current engine version:
Get-MpComputerStatus | Select-Object AMEngineVersion
MMPE updates are typically delivered automatically via Windows Update and Microsoft Update. In managed environments where automatic updates are delayed or disabled, manual verification is required.
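The following PowerShell is an added example for the manual verification step; it is not part of the advisory. It compares the engine version reported by Get-MpComputerStatus against the fixed version 1.1.26040.8 as a [version] object (a string comparison would mis-order dotted quads), and wraps the same check in a small fleet query over PowerShell Remoting for managed environments. Get-MpComputerStatus and its AMEngineVersion property are the real Defender cmdlet used above; the function names and the sample version strings are constructed for this example.

```powershell
# Added example, not from the advisory: compare the installed MMPE engine
# version with the fixed version stated above. Requires the Defender module
# (Get-MpComputerStatus) on the hosts being checked.
$FixedEngineVersion = [version]'1.1.26040.8'

function Test-MmpeVersion {
    param(
        [Parameter(Mandatory)][string]$EngineVersion,
        [version]$Fixed = $FixedEngineVersion
    )
    # Engine versions are dotted quads; casting to [version] compares each
    # component numerically rather than lexically.
    $installed = [version]$EngineVersion
    [pscustomobject]@{
        EngineVersion = $installed.ToString()
        FixedVersion  = $Fixed.ToString()
        Vulnerable    = ($installed -lt $Fixed)
    }
}

# Fleet variant (hypothetical helper): query remote hosts over WinRM and tag
# each result with the computer it came from.
function Get-MmpeFleetStatus {
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        (Get-MpComputerStatus).AMEngineVersion
    } | ForEach-Object {
        $r = Test-MmpeVersion -EngineVersion $_
        $r | Add-Member -NotePropertyName ComputerName -NotePropertyValue $_.PSComputerName -PassThru
    }
}

# Constructed sample inputs, one on each side of the fixed version.
Test-MmpeVersion -EngineVersion '1.1.26030.1'
Test-MmpeVersion -EngineVersion '1.1.26040.8'

# Live check on the local host, skipped when the Defender module is absent.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus
    $result = Test-MmpeVersion -EngineVersion $status.AMEngineVersion
    if ($result.Vulnerable) {
        Write-Warning "MMPE $($result.EngineVersion) is below $($result.FixedVersion); update required."
    } else {
        Write-Output "MMPE $($result.EngineVersion) is at or above the fixed version."
    }
}
```

Run Get-MmpeFleetStatus -ComputerName host1,host2 from a management workstation with WinRM enabled to get one row per host; filter on Vulnerable -eq $true to produce the remediation list.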
Vulnerability Details
The flaw resides in how the Microsoft Malware Protection Engine resolves symbolic links during file scanning operations. When Defender encounters a file for scanning, it performs a lookup to resolve the file path before accessing it. The vulnerability arises because MMPE resolves symbolic links without sufficient validation that the resolved target is within the intended scope of the operation.
Root cause: Link-following vulnerability (CWE-59) in the path resolution logic of MMPE. The engine follows attacker-created symlinks under the assumption that the resolved path is safe to operate on with elevated privilege.
Attack chain:
- Attacker creates a file or directory at a location Defender will scan — for example, a file in a user-writable directory that triggers scheduled or real-time scanning
- Attacker creates a symbolic link at the scan target location pointing to a protected system resource (e.g., a critical system file, registry hive backup, or privileged configuration file)
- Defender’s MMPE, running as SYSTEM, follows the symlink and performs its operation (read, write, or delete) on the attacker’s chosen target
- The attacker has now caused a SYSTEM-privileged file operation on a destination path of their choosing
The practical outcome is typically arbitrary file write or deletion as SYSTEM, which can be leveraged for full privilege escalation — overwriting a service binary, planting a scheduled task payload, or deleting a security-critical file to destabilise the system.
This class of vulnerability (antivirus engine symlink EoP) has a well-documented history. Similar issues have affected Defender, Sophos, Trend Micro, and other AV products. The trust a security product places in the file system to navigate safely, combined with its inherently elevated privilege level, makes AV engines recurring targets for this attack pattern.
Exploitation in the Wild
Microsoft confirmed active exploitation in its disclosure. CISA’s KEV addition on May 20, 2026 requires federal agencies to remediate by June 3, 2026. Reporting from BleepingComputer and Help Net Security confirms observed exploitation, though the specific threat actors or campaigns involved have not been publicly attributed at the time of writing.
The exploitation context matters: this is a local privilege escalation, meaning an attacker must already have low-level access to a target system. In practice this means CVE-2026-41091 is being used as a post-initial-access escalation step — likely chained after phishing, initial access via a different vulnerability, or credential compromise. It is not a remote entry point by itself.
Patch and Remediation
Patch: Update the Microsoft Malware Protection Engine to version 1.1.26040.8 or later.
In most environments, MMPE updates automatically. To force an immediate update:
# Force signature and engine update
Update-MpSignature -UpdateSource MicrosoftUpdateServer
# Verify updated engine version
Get-MpComputerStatus | Select-Object AMEngineVersion, AntivirusSignatureLastUpdated
For enterprise environments using WSUS or SCCM for update management, verify that MMPE definition updates are not blocked or delayed. Microsoft Defender engine updates are classified as definition updates, and environments that gate definition updates through approval workflows may have delayed deployment.
Workaround: There is no effective workaround. Restricting symlink creation for non-administrator users via Group Policy (Create symbolic links user right) provides partial mitigation but is not a complete fix and may break legitimate software.
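Before changing the "Create symbolic links" user right, it helps to know who currently holds it. The script below is an added example, not part of the advisory: it exports the local user-rights policy with secedit.exe (a standard Windows tool; /areas USER_RIGHTS limits the export to user rights) and resolves the principals assigned SeCreateSymbolicLinkPrivilege, which is the privilege behind that Group Policy setting. Anything beyond the built-in Administrators group (SID S-1-5-32-544, the default holder) is reported so the partial mitigation can be assessed. The function names are constructed for this example; run it elevated.

```powershell
# Added example, not from the advisory: list principals holding the
# "Create symbolic links" user right (SeCreateSymbolicLinkPrivilege).
function Get-SymlinkRightHolders {
    $inf = Join-Path $env:TEMP ('secpol-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export only the user-rights area of the local security policy.
        $null = secedit.exe /export /cfg $inf /areas USER_RIGHTS
        $line = Get-Content $inf | Where-Object { $_ -match '^SeCreateSymbolicLinkPrivilege\s*=' }
        if (-not $line) { return @() }   # right assigned to nobody
        $raw = ($line -split '=', 2)[1].Trim()
        # Entries are comma-separated; SIDs carry a leading '*', names appear as-is.
        foreach ($entry in ($raw -split ',')) {
            $entry = $entry.Trim()
            if ($entry.StartsWith('*')) {
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
                try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $name = $entry }   # unresolvable SID (e.g. removed account)
            } else {
                $name = $entry
            }
            [pscustomobject]@{ Principal = $name; Raw = $entry }
        }
    } finally {
        Remove-Item $inf -ErrorAction SilentlyContinue
    }
}

# Report holders other than the built-in Administrators group.
function Test-SymlinkRightScope {
    $holders = @(Get-SymlinkRightHolders)
    $extra = $holders | Where-Object { $_.Raw -ne '*S-1-5-32-544' }
    if ($extra) {
        Write-Warning "Create symbolic links is granted beyond Administrators:"
        $extra | Format-Table -AutoSize
    } else {
        Write-Output "Create symbolic links is held only by Administrators."
    }
    $holders
}

Test-SymlinkRightScope
```

A broad grant such as Users (S-1-5-32-545) or Authenticated Users (S-1-5-11) means the mitigation is not in effect; tightening it should be tested against software that legitimately creates links, as the advisory notes.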
Detection
Audit symbolic link creation: Enable auditing of object access and look for events where a symlink is created in a user-writable path shortly before a Defender scan event. Windows Security events 4663 (object access) and 4656 (handle requested) are relevant.
Monitor for unexpected SYSTEM writes in system paths: An unusual SYSTEM-attributed write to directories outside %SystemRoot%\Temp and %SystemRoot%\Prefetch following low-privilege user activity is a potential indicator.
MMPE version telemetry: In environments with Microsoft Defender for Endpoint (MDE), the engine version is available in the device inventory. Alert on devices running MMPE versions below 1.1.26040.8.
Indicators of compromise: No public IOCs have been released for the specific exploitation campaigns. Focus detection effort on the behavioural pattern (symlink creation → scan trigger → SYSTEM file operation) rather than static indicators.
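The script below is an added example, not part of the advisory, implementing the "unexpected SYSTEM writes in system paths" indicator over Security event 4663. It keeps records where the subject is SYSTEM, the access mask includes a write or delete bit, and the object path is under %SystemRoot% but outside Temp and Prefetch, and it reads those fields from the 4663 event XML (SubjectUserName, ObjectName, AccessMask, ProcessName are the standard field names of that event). Object-access auditing and a SACL on the watched paths must already be enabled or no 4663 records exist. The function names, the sample records and the constructed MsMpEng.exe path are assumptions made for this example.

```powershell
# Added example, not from the advisory: flag SYSTEM write/delete operations on
# system paths outside the expected Defender working directories.
$SystemRoot    = $env:SystemRoot
$ExpectedPaths = @("$SystemRoot\Temp", "$SystemRoot\Prefetch")

# Access-mask bits from the 4663 AccessMask field:
# WriteData/AddFile 0x2, AppendData 0x4, DELETE 0x10000, WriteDAC 0x40000.
$WriteMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000

function Test-SuspiciousSystemWrite {
    # $Record is a flat object with SubjectUserName, ObjectName, AccessMask, ProcessName.
    param([Parameter(Mandatory)]$Record)
    if ($Record.SubjectUserName -ne 'SYSTEM')        { return $false }
    if (($Record.AccessMask -band $WriteMask) -eq 0) { return $false }
    $path = [string]$Record.ObjectName
    if (-not $path.StartsWith($SystemRoot, 'OrdinalIgnoreCase')) { return $false }
    foreach ($ok in $ExpectedPaths) {
        if ($path.StartsWith($ok, 'OrdinalIgnoreCase')) { return $false }
    }
    return $true
}

# Flatten a live 4663 EventLogRecord into the shape Test-SuspiciousSystemWrite expects.
function ConvertFrom-AuditEvent {
    param([Parameter(Mandatory)]$Event)
    $xml = [xml]$Event.ToXml()
    $d = @{}
    foreach ($item in $xml.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
    [pscustomobject]@{
        TimeCreated     = $Event.TimeCreated
        SubjectUserName = $d['SubjectUserName']
        ObjectName      = $d['ObjectName']
        AccessMask      = [int]$d['AccessMask']   # hex string such as 0x10000
        ProcessName     = $d['ProcessName']
    }
}

# Live query over the last $Hours of the Security log.
function Get-SuspiciousSystemWrites {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-AuditEvent $_ } |
        Where-Object   { Test-SuspiciousSystemWrite $_ }
}

# Constructed sample records (not real telemetry) exercising the filter:
# a benign SYSTEM write in Temp, a SYSTEM delete in System32 from the Defender
# service process, and a non-SYSTEM write that is out of scope.
$samples = @(
    [pscustomobject]@{ SubjectUserName = 'SYSTEM'; ObjectName = "$SystemRoot\Temp\scan.log";
                       AccessMask = 0x2;     ProcessName = "$SystemRoot\System32\svchost.exe" },
    [pscustomobject]@{ SubjectUserName = 'SYSTEM'; ObjectName = "$SystemRoot\System32\drivers\etc\hosts";
                       AccessMask = 0x10000; ProcessName = 'C:\ProgramData\Microsoft\Windows Defender\Platform\CONSTRUCTED-VERSION\MsMpEng.exe' },
    [pscustomobject]@{ SubjectUserName = 'alice';  ObjectName = "$SystemRoot\System32\example.dll";
                       AccessMask = 0x2;     ProcessName = "$SystemRoot\explorer.exe" }
)
$samples | Where-Object { Test-SuspiciousSystemWrite $_ } | Format-Table -AutoSize
```

Only the second sample record survives the filter. In production, narrowing further on ProcessName ending in MsMpEng.exe (the Defender service process) isolates operations performed by the engine itself, and correlating the hit with a preceding 4663/4656 record from a low-privilege user on a user-writable path gives the symlink creation, scan trigger, SYSTEM file operation sequence described above.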