Antimalware products are supposed to remove malicious files, not be sure they are there
In the quiet machinery of digital defense, two cracks have appeared in one of the world's most widely deployed security tools. Microsoft has issued emergency repairs for a pair of zero-day flaws in its Defender platform — one capable of handing attackers the keys to an entire system, the other capable of silencing the guard entirely — after a researcher named Nightmare Eclipse turned the antivirus's own protective instincts against it. The vulnerabilities, now under active exploitation, remind us that the tools we trust to watch over us carry their own blind spots, and that trust without verification is its own kind of risk.
- A security researcher publicly mocked Defender's own logic, showing how its cloud-file behavior could be weaponized to overwrite critical system files and hand attackers full administrative control.
- A second exploit can make Defender appear fully operational and up to date while it is, in reality, completely disabled — a false sense of safety more dangerous than no protection at all.
- U.S. cyber agencies have confirmed that threat actors are already using these vulnerabilities in the wild, compressing the window between disclosure and disaster for unpatched systems.
- Microsoft pushed emergency patches that should deploy automatically, yet took the rare step of urging customers not to trust automation — explicitly recommending manual verification that updates actually landed.
- The partial publication of proof-of-concept exploits means a roadmap now exists for attackers even where full technical details were withheld, raising the stakes for every organization still running older Defender versions.
Microsoft issued emergency patches this week for two zero-day vulnerabilities in its Defender antimalware platform, both of which had already been demonstrated publicly and were being actively exploited before fixes arrived.
The first flaw, CVE-2026-41091, allows an attacker with local access to escalate privileges all the way to SYSTEM level by abusing the way Defender resolves file links. The second, CVE-2026-45498, is blunter: it can crash Defender's Antimalware Platform entirely, stripping machines of their primary protection. Though its CVSS score of 4 places it in the medium range, the practical consequence for any system running version 4.18.26030.3011 or earlier is a wide-open exposure.
Both vulnerabilities were uncovered by a researcher known as Nightmare Eclipse, who published proof-of-concept exploits in April under the names RedSun and UnDefend. The RedSun disclosure came with a note of dark amusement. Eclipse explained that when Defender identifies a cloud-tagged malicious file, it performs a baffling operation: it rewrites the file back to its original location. By crafting a file with the right cloud tag, an attacker can trick Defender into overwriting critical system files with attacker-controlled content. Eclipse's commentary was pointed — an antivirus, the researcher observed, is supposed to remove malicious files, not ensure they stay in place.
The UnDefend technique was handled with more restraint. Eclipse discovered a way to make Defender's console falsely report that the engine is fully patched and running, when it is not. Judging the damage potential too high, the researcher chose not to publish the full method — though enough detail exists in public to give threat actors a working roadmap.
Microsoft's patches should deploy automatically across most Windows environments, but the company took the unusual step of explicitly urging customers to manually verify that updates had actually applied. The advisory's careful language amounted to an acknowledgment that automatic deployment cannot be assumed. With U.S. cyber agencies already reporting active exploitation attempts, the gap between disclosure and verified patching has become a vulnerability in its own right.
Microsoft released emergency patches this week for two zero-day vulnerabilities in Defender that researchers had already begun exploiting in the wild. The flaws expose a fundamental tension in how the company's antimalware engine handles suspicious files—one that a security researcher exposed with a mixture of technical precision and dark humor.
The first vulnerability, tracked as CVE-2026-41091, allows an attacker with local access to escalate their privileges to SYSTEM level by exploiting the way Defender resolves file links before accessing them. The second, CVE-2026-45498, is simpler and more blunt: it can crash Defender's Antimalware Platform entirely, leaving machines without active malware protection. That one carries a CVSS severity score of 4, technically medium-level, but the practical consequence is severe—a system running version 4.18.26030.3011 or earlier could lose its primary defense against infection.
The patches arrived as emergency releases and should deploy automatically across most Windows installations, but Microsoft has taken the unusual step of explicitly warning customers to manually verify that updates are actually landing in their environments. The company's advisory reads almost like a confession of doubt: "Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment." In other words, don't assume it worked. Check.
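The advisory's point, here and in the summary above, is to verify rather than assume. The PowerShell below is an added example, not code from Microsoft or the article: it checks a host's reported Defender platform version against the 4.18.26030.3011 threshold the article names, and corroborates that report with the file version stamped on the platform binary on disk, which matters when the status surface itself can be made to misreport. It assumes the Defender PowerShell module (Get-MpComputerStatus) is present, the usual platform directory under ProgramData, and an elevated session.

```powershell
# Added example (not from the advisory or the article). Run elevated.
# The version below is the one the article names as the last affected build.
$AffectedMax = [version]'4.18.26030.3011'

# What Defender reports about itself.
$status   = Get-MpComputerStatus
$reported = [version]$status.AMProductVersion

# Independent corroboration: the newest platform folder on disk (assumed path,
# folder names look like 4.18.xxxxx.x-0) carries MsMpEng.exe with its own
# file version. If this disagrees with the reported version, treat that as a finding.
$platformRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'
$newestDir = Get-ChildItem -Path $platformRoot -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^\d+(\.\d+){3}' } |
    Sort-Object { [version]($_.Name -replace '-\d+$', '') } -Descending |
    Select-Object -First 1

$onDisk = $null
if ($newestDir) {
    $bin = Join-Path $newestDir.FullName 'MsMpEng.exe'
    if (Test-Path $bin) {
        $onDisk = [version]((Get-Item $bin).VersionInfo.ProductVersion)
    }
}

$result = [pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    ReportedPlatform   = $reported
    OnDiskPlatform     = $onDisk
    PlatformAffected   = ($reported -le $AffectedMax)
    ReportMatchesDisk  = ($null -ne $onDisk -and $onDisk -eq $reported)
    ServiceEnabled     = $status.AMServiceEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignatureAgeHours  = [math]::Round(((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours, 1)
}

# Flag the conditions the article describes: still on an affected build,
# the engine not actually running, or a report that the on-disk binary contradicts.
if ($result.PlatformAffected)       { Write-Warning "Platform $reported is at or below $AffectedMax" }
if (-not $result.ServiceEnabled)    { Write-Warning 'Antimalware service reports as not enabled' }
if (-not $result.ReportMatchesDisk) { Write-Warning 'Reported platform version does not match on-disk binary' }

$result
```

The object can be collected from many hosts (for example via Invoke-Command) so that the "did the update actually land" question is answered per machine rather than trusted fleet-wide.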
Both vulnerabilities trace back to a researcher operating under the GitHub handle Nightmare Eclipse, who published proof-of-concept exploits in April under the names RedSun and UnDefend. Eclipse's disclosure was notable not for stealth but for candor. On April 16, the researcher posted an explanation of how the RedSun exploit works, prefacing it with a comment that the flaw was "way too funny" to keep quiet about. The humor, it turns out, was at Defender's expense.
When Defender encounters a file flagged in Microsoft's cloud database as potentially malicious, it performs a curious operation: it rewrites the file back to its original location. Eclipse's exploit weaponizes this behavior. By crafting a malicious file with a cloud tag, an attacker can trick Defender into overwriting critical system files with attacker-controlled content, effectively handing over administrative control of the machine. "When Windows Defender realises that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location," Eclipse wrote. The researcher added a note of exasperation: "I think antimalware products are supposed to remove malicious files not be sure they are there but that's just me."
The UnDefend exploit, which enables the denial-of-service condition, was handled differently. Eclipse discovered a way to deceive Defender's endpoint detection and response console into displaying false status information—making it appear that the antimalware engine is running with the latest patches when it actually isn't. Rather than publish the full technique, Eclipse chose restraint, reasoning that the damage potential was too high. "I was thinking about publishing the code but after thinking about it, it will cause waaay too much damage so I think I'll keep that stuff stashed for now," the researcher noted.
The fact that both exploits are now public, even in partial form, means threat actors have a roadmap. The U.S. Cybersecurity and Infrastructure Security Agency has already flagged active exploitation attempts. For organizations running older versions of Defender, the window between disclosure and patch deployment is a critical vulnerability in itself. Microsoft's emphasis on manual verification suggests the company understands that automatic updates are not a guarantee—and that in this case, verification matters more than usual.
Notable Quotes
When Windows Defender realises that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location.
— Nightmare Eclipse, security researcher
I was thinking about publishing the code but after thinking about it, it will cause waaay too much damage so I think I'll keep that stuff stashed for now.
— Nightmare Eclipse, on the UnDefend exploit
The Hearth Conversation
Another angle on the story
Why would Defender rewrite a malicious file back to its original location? That seems backwards.
It's a cloud-based decision. When Defender sees a file tagged as suspicious in Microsoft's cloud database, it assumes the file itself is the problem and tries to restore it. The logic breaks down when an attacker uses that behavior as a weapon—they craft something that looks malicious to the cloud system but is actually a tool to overwrite system files.
So the researcher is saying Defender's own protection mechanism became a vulnerability.
Exactly. And they found it funny enough to publish it, even while acknowledging the damage potential. The UnDefend exploit they kept private—that one they decided was too dangerous to release.
What does it mean that Microsoft is telling customers to manually verify patches deployed automatically?
It means the company isn't confident in its own update pipeline. If automatic deployment were reliable, there'd be no need to verify. The warning is essentially an admission that some machines might not get patched, and customers need to check.
How long would a machine be vulnerable if the patch didn't deploy?
Until someone manually applied it or until the next automatic attempt succeeded. In an active exploitation scenario, that could be days or weeks—long enough for an attacker to gain SYSTEM privileges or disable Defender entirely.
Is there a window where both exploits are public but unpatched?
Yes. The proof-of-concept code is out there. Threat actors have the technical details. Any organization running older Defender versions is exposed until they patch, and they won't know they're exposed unless they verify the update actually landed.