Microsoft Defender Antivirus security intelligence May 2026

[harlan4096]

Stable channel updates:

• Antimalware Client Version: 4.18.26040.7
  
• Engine Version: 1.1.26040.8
  

The security intelligence version listed here is relevant to the listed engine release. Newer versions of security intelligence are released regularly. For more information, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft anti-malware.

Enhancements and features​

• Performance improvement for SFC cache build during engine reload.
  
• Reduced API calls for Device Control to prevent Entra throttling and improved logging.
  
• Improved TVM Block logic handling.
  
• Fixed TVM Warn temporary paths exclusion issue when Tamper Protection Exclusions and Disable Local Admin Merge (DLAM) are enabled.
  
• Fixed Defender managed type when migrating from Co-management to Intune.
  
• Fixed three CVEs:
  • CVE-2026-41091: Microsoft Defender Elevation of Privilege Vulnerability — Improper link resolution before file access (Important; fixed in Engine 1.1.26040.8).
    
  • CVE-2026-45498: Microsoft Defender Denial of Service Vulnerability (Low; fixed in Platform 4.18.26040.7).
    
  • CVE-2026-45584: Microsoft Defender Remote Code Execution Vulnerability — Heap-based buffer overflow (Critical; fixed in Engine 1.1.26040.8).
    

Beta channel update: Engine Version: 1.1.26050.11