2 New Microsoft Defender Zero-Days Exploited—Patch Now Rolling Out
Microsoft said the flaws can grant SYSTEM privileges or trigger denial-of-service states, while CISA gave federal agencies 14 days to mitigate them.
- On Wednesday, Microsoft released patches for two Microsoft Defender zero-day vulnerabilities, CVE-2026-41091 and CVE-2026-45498, which are currently being exploited in the wild.
- CVE-2026-41091 allows privilege escalation within the Microsoft Malware Protection Engine, while CVE-2026-45498 enables denial-of-service attacks on unpatched Windows devices.
- The Cybersecurity and Infrastructure Security Agency added the flaws to its Known Exploited Vulnerabilities Catalog, ordering Federal Civilian Executive Branch agencies to mitigate threats within 14 days, by June 3.
- Microsoft stated most customers require no action due to automatic updates, though users can verify their status via the Windows Security program's 'Protection Updates' section.
- Recent security alerts include the Windows BitLocker YellowKey zero-day, and CISA warned these vulnerabilities pose "significant risks to the federal enterprise.
15 Articles
15 Articles
New Microsoft Defender exploits discovered. How to protect yourself
Microsoft has identified some nasty exploits that could affect your Windows machine if you let them.Bleeping Computer reported on the exploits, which are specific vulnerabilities in Windows Defender, the built-in anti-malware software in Windows. The company has detailed reports on its security website for both vulnerabilities. While it can be a bit difficult for a layperson to understand what's going on from those reports, the main thing to kno…
Microsoft Patches Exploited Defender Zero-Days as CISA Acts
Microsoft is rolling out fixes for two exploited Defender zero-days as CISA sets a June 3 deadline and admins verify Windows systems still receive updates. The post Microsoft Patches Exploited Defender Zero-Days as CISA Acts appeared first on WinBuzzer.
Microsoft has closed two critical vulnerabilities in virus protection Defender, which already actively exploit attackers. Particularly explosive: One of the vulnerabilities provides hacker groups with full system rights on affected computers. The US agency CISA reacted immediately and set federal authorities a deadline of two weeks for installing the updates.
CISA Issues Alert on Exploited Microsoft Defender Zero-Day Vulnerabilities
CISA has issued an urgent alert warning organizations about two newly disclosed zero-day vulnerabilities affecting Microsoft Defender, both added to the Known Exploited Vulnerabilities (KEV) catalog on May 20, 2026. CVE-2026-45498: Microsoft Defender DoS Vulnerability CVE-2026-45498 is a denial-of-service (DoS) vulnerability in Microsoft Defender that can cause the security service to stop functioning. An attacker […] The post CISA Issues Alert …
Coverage Details
Bias Distribution
- 67% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
