nyanbinary (unvalued goose)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584

One job. You had one job.

Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.

Security Update Guide - Microsoft Security Response Center

May 20 at 8:16pmWeb
Show threadnyanbinary (unvalued goose)May 20

Successful exploitation of this vulnerability would require a remote, unauthenticated attacker to entice a local user to take multiple actions that results in Defender scanning a malicious file that has been quarantined.

This is something I love about some AV vulnerabilities - intentionally triggering detections as part of exploitation. Also had that with the Nightmare Eclipse Defender vulns & also had me giggle there  . I just ... feels right!

Show threadAlexandre DulaunoyMay 20
@nyanbinary Ouch.
Show threadLucas WerkmeisterMay 20
@nyanbinary Microsoft Offender
Show threadnyanbinary (unvalued goose)May 20
@LucasWerkmeister the best defense is a good offense. This is why the A in AV now stands for Agentic, performing fully autonomous cyber offense operations from your laptop!
Show threadMr Alex FortisMay 21
@nyanbinary @LucasWerkmeister from defender to offender to slopfender
Show threadbwsMay 20
@nyanbinary maybe the 11 in windows 11 meant the cvss score?
Show threadCat 🐈🥗 (D.Burch) May 20
@nyanbinary I'm sure they learned their lesson and won't let it ever happen again! 
Show threadrk: it’s hyphen-minus actuallyMay 20

@catsalad @nyanbinary

Was it Defender that would execute JS without a sandbox and was trivially exploitable like…a few years ago? I think that was them.

Show threadHovav ShachamMay 21

@rk @catsalad @nyanbinary Yup, in 2017. @natashenka had a PoC that fit in a tweet.

[https://project-zero.issues.chromium.org/42450276]

Project Zero

Show threadBilly O'NealMay 20
@nyanbinary
Show threadVissMay 20
@nyanbinary
Show threadswymMay 21
@nyanbinary they should fire more engineers, so they have more funds for copilot tokens