Microsoft and CISA confirm Defender zero-days exploited in the wild.
Microsoft has begun rolling out an emergency security update for Microsoft Defender after the U.S. Cybersecurity and Infrastructure Security Agency confirmed that two new zero-day vulnerabilities are already being exploited in the wild by attackers. One is a privilege escalation issue that affects the Microsoft Malware Protection Engine, while the other has a broader scope, affecting the Microsoft Defender Antimalware Platform and Microsoft’s System Center Endpoint Protection. Here’s what you need to know about CVE-2026-41091 and CVE-2026-45498, along with the mitigation measures confirmed by Microsoft.
Microsoft Defender CVE-2026-41091 And CVE-2026-45498 Zero-Days Explained
Microsoft has now confirmed two new Microsoft Defender zero-days that it said have been exploited. This exploitation was confirmed by CISA, which has added the security flaws to its Known Exploited Vulnerabilities catalog and given federal agencies until June 3 to ensure mitigation measures are in place.
It has not been the easiest few days for Microsoft on the security front, especially when it comes to zero-day vulnerabilities. Microsoft Exchange users have been warned about an active zero-day exploit demanding emergency mitigation, the now-infamous ‘angry hacker’ dropped another two public zero-day exploits, and the Pwn2Own Berlin hacking event uncovered numerous Windows zero-days. All within the space of a week.
The first has a Common Vulnerabilities and Exposures designation of CVE-2026-41091, and Microsoft described it as a Microsoft Defender elevation of privilege vulnerability caused by improper link resolution before file access. This zero-day affects the Microsoft Malware Protection Engine up to version 1.1.26030.3008 and could give a successful attacker SYSTEM privileges, with all that entails.
The second, CVE-2026-45498, is a denial of service vulnerability affecting Microsoft Defender. Microsoft said that this affects the Defender Antimalware Platform up to version 4.18.26030.3011, along with other products that use it, including Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials.
When adding the zero-days to the KEV catalog, CISA warned that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors,” and accordingly gave Federal Civilian Executive Branch agencies just 14 days, starting May 20, to mitigate the threat.
“For enterprise deployments as well as end users,” Microsoft said, “the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically,” and as such no action is required, because the update that’s now rolling out gets applied without user input. However, it’s worth checking that the default configuration still applies to your copy of Microsoft Defender and that automatic updating is, indeed, enabled. Microsoft has advised that users should verify installation of the update by opening the Windows Security app, selecting Virus & threat protection and then Protection Updates.
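For fleets where clicking through Windows Security on every machine is impractical, the same check can be scripted. The following is an added example, not Microsoft’s own guidance: it reads the installed engine and platform versions with the built-in `Get-MpComputerStatus` cmdlet, compares them against the affected ceilings quoted in the article (1.1.26030.3008 for the engine, 4.18.26030.3011 for the platform), and reports when the last definition update landed. The assumption that any version numerically above those ceilings carries the fix is the article’s “up to version” wording, not a statement from Microsoft.

```powershell
# Added example (not from the article or Microsoft). Run in an elevated
# PowerShell on a Windows host with Microsoft Defender Antivirus enabled.

# Highest affected versions as stated in the article ("up to version ...").
$affectedEngine   = [version]'1.1.26030.3008'   # CVE-2026-41091, Malware Protection Engine
$affectedPlatform = [version]'4.18.26030.3011'  # CVE-2026-45498, Antimalware Platform

function Test-DefenderZeroDayExposure {
    $status = Get-MpComputerStatus

    # Defender reports dotted version strings; [version] gives a proper
    # numeric comparison instead of a string comparison.
    $engine   = [version]$status.AMEngineVersion
    $platform = [version]$status.AMProductVersion

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        EngineVersion       = $engine.ToString()
        EngineExposed       = ($engine -le $affectedEngine)      # assumption: fix is any later version
        PlatformVersion     = $platform.ToString()
        PlatformExposed     = ($platform -le $affectedPlatform)  # assumption: fix is any later version
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        LastSignatureUpdate = $status.AntivirusSignatureLastUpdated
    }
}

$result = Test-DefenderZeroDayExposure
$result | Format-List

# Stale definitions usually mean automatic updating is not working; the
# threshold below is a local policy choice, not a Microsoft recommendation.
if ($result.LastSignatureUpdate -lt (Get-Date).AddDays(-2)) {
    Write-Warning 'Definitions are more than two days old; check that automatic updates are enabled.'
}

if ($result.EngineExposed -or $result.PlatformExposed) {
    Write-Warning 'Engine or platform is still at an affected version; pulling the latest update now.'
    Update-MpSignature   # triggers a definition/engine update immediately
}
```

Running the function against many hosts (for example through `Invoke-Command`) and collecting the returned objects gives a quick inventory of which machines still show an affected engine or platform version after the update has started rolling out.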