CVE-2026-55012
Received Received - Intake

Microsoft Defender Integer Overflow Code Execution

Vulnerability report for CVE-2026-55012, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Integer overflow or wraparound in Microsoft Defender allows an unauthorized attacker to execute code locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft defender to 2026-10-01 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability can have severe impacts if exploited. Here are the potential consequences:

  • An attacker could execute arbitrary code on your system, potentially gaining full control over it.
  • Sensitive data stored on the affected system could be accessed, modified, or stolen.
  • The attacker could install malware, create backdoors, or perform other malicious activities without your knowledge.
  • Since Microsoft Defender is a security product, its compromise could undermine other security measures on the system.

The CVSS score of 7.8 (High) indicates a significant risk, particularly because it allows local code execution with high impact on confidentiality, integrity, and availability.

Executive Summary

CVE-2026-55012 is an integer overflow or wraparound vulnerability in Microsoft Defender. This flaw allows an unauthorized attacker to execute arbitrary code on a vulnerable system locally.

An integer overflow occurs when a calculation exceeds the maximum limit of an integer data type, causing it to wrap around to a smaller or negative value. In this case, the vulnerability can be exploited to execute malicious code with the privileges of the affected application.

Compliance Impact

This vulnerability can impact compliance with several standards and regulations, depending on the context of its exploitation:

  • GDPR (General Data Protection Regulation): If the vulnerability leads to unauthorized access or exfiltration of personal data, it could result in a data breach. Organizations may face fines, legal action, or reputational damage for failing to protect personal data adequately.
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI. This would constitute a breach under HIPAA, requiring notification and potentially resulting in penalties.
  • Other standards like ISO 27001, NIST, or PCI DSS may also be affected if the vulnerability undermines security controls required by these frameworks. For example, failure to patch a critical vulnerability could violate requirements for maintaining secure systems.

Organizations should assess the risk posed by this vulnerability and take appropriate remediation steps to maintain compliance with applicable regulations.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying CVE-2026-55012 on a network or system. Detection typically involves checking the installed version of Microsoft Defender and verifying if it is patched against this vulnerability.

To check the version of Microsoft Defender on a Windows system, you can use the following command in PowerShell or Command Prompt:

  • PowerShell: Get-MpComputerStatus | Select-Object AMServiceVersion
  • Command Prompt: sc query WinDefend

Compare the installed version with the patched version listed in Microsoft's update guide for CVE-2026-55012.

Mitigation Strategies

To mitigate CVE-2026-55012, apply the latest security update provided by Microsoft for Microsoft Defender. The update will patch the integer overflow or wraparound vulnerability.

  • Download and install the latest security update from the Microsoft Update Catalog or via Windows Update.
  • Ensure automatic updates are enabled to receive future security patches promptly.
  • Monitor Microsoft's security advisory for CVE-2026-55012 for additional guidance or updates.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55012. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart