Microsoft has confirmed that two vulnerabilities in Microsoft Defender are being actively exploited, putting Windows systems at risk if they are not updated quickly.
CVE-2026-41091, the first vulnerability, is a local privilege escalation flaw. An attacker who already has access to a system can use it to obtain SYSTEM-level privileges. With that level of access, attackers can take over the machine, disable safeguards, move further into the network, or execute harmful commands with elevated rights.
CVE-2026-45498, the second, is a denial-of-service flaw in Microsoft Defender. Although its severity score is lower, it still matters: attackers can use it to interfere with Defender's normal protective behavior and potentially enable other malicious actions afterwards.
Microsoft has released fixes through updated Defender Antimalware Platform versions. In most situations Defender updates itself automatically, but users and administrators should not assume every system is protected. Do a quick manual check to confirm that the newest protection platform and malware definitions are actually installed, not just "probably" there.
Microsoft also patched another Defender flaw, CVE-2026-45584, which could permit remote code execution. Although there is no public report of active exploitation, its severity is serious enough that it should be patched immediately.
The U.S. Cybersecurity and Infrastructure Security Agency has added the two exploited Defender issues to its Known Exploited Vulnerabilities catalog, which signals that the danger is serious and that adversaries are already using them.
Organizations should review Defender versions on every endpoint, make sure automatic updates are actually running, and watch for unusual privilege escalation or disruptions to security tooling. Security teams should also review endpoint logs for suspicious activity, especially on systems that may not have received the latest patches.
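One way to perform the manual check described above and to review endpoint logs for disruptions to Defender, as an added example that is not part of the original post and not Microsoft's own tooling: a PowerShell script built on the standard Get-MpComputerStatus, Get-WinEvent and Update-MpSignature cmdlets. It reports the installed platform, engine and definition versions against a minimum platform version you supply and lists recent Defender operational events that indicate protection was disabled or a definition update failed. The minimum platform version and the definition-age threshold are placeholders, not values from the page; take the fixed version from Microsoft's advisory before running it.

```powershell
# Added example, not from the original post: audit a Windows host's Microsoft Defender
# platform, engine and definition currency, and surface Defender operational events
# that indicate protection was disabled or a definition update failed.
# Assumption (not from the page): $MinimumPlatformVersion must be set to the fixed
# Antimalware Platform version named in Microsoft's advisory; '0.0.0.0' is a placeholder.
# Run from an elevated PowerShell session on a Windows host.

function Get-DefenderPatchStatus {
    param(
        [version]$MinimumPlatformVersion = [version]'0.0.0.0',  # PLACEHOLDER: fixed version from the advisory
        [int]$MaxDefinitionAgeHours = 24                        # assumed freshness threshold
    )

    $status = Get-MpComputerStatus

    # AMProductVersion is the Antimalware Platform version; compare it as a [version]
    # so that 4.18.x.y style strings sort numerically rather than lexically.
    $platformVersion = [version]$status.AMProductVersion
    $definitionAge   = (Get-Date) - $status.AntivirusSignatureLastUpdated

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        PlatformVersion      = $platformVersion
        EngineVersion        = $status.AMEngineVersion
        DefinitionVersion    = $status.AntivirusSignatureVersion
        DefinitionAgeHours   = [math]::Round($definitionAge.TotalHours, 1)
        ServiceEnabled       = $status.AMServiceEnabled
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        PlatformMeetsMinimum = ($platformVersion -ge $MinimumPlatformVersion)
        DefinitionsCurrent   = ($definitionAge.TotalHours -le $MaxDefinitionAgeHours)
    }
}

function Get-DefenderProtectionEvents {
    param([int]$LookbackDays = 7)

    # Defender operational log event IDs of interest:
    #   5001 real-time protection disabled, 5010 and 5012 Defender scanning disabled,
    #   5007 configuration changed, 2001 definition (security intelligence) update failed.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5010, 5012, 5007, 2001
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }

    # Get-WinEvent raises an error when nothing matches; treat that as "no findings".
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }
}

# Local run: show the status, then force a definition update if anything is stale.
$report = Get-DefenderPatchStatus -MinimumPlatformVersion '0.0.0.0'   # PLACEHOLDER value
$report | Format-List

if (-not $report.PlatformMeetsMinimum -or -not $report.DefinitionsCurrent) {
    Write-Warning 'Defender platform or definitions are behind the expected level; requesting an update.'
    Update-MpSignature
}

Get-DefenderProtectionEvents -LookbackDays 7 | Format-Table -AutoSize
```

To cover a fleet rather than one host, run Get-DefenderPatchStatus through Invoke-Command against the endpoint list and collect the returned objects; any endpoint where PlatformMeetsMinimum is false is one where the automatic platform update has not landed and needs attention first. A burst of 5001 or 5007 events on a host that is otherwise healthy is worth a closer look, since tampering with Defender's configuration is the kind of disruption to security tooling the text tells defenders to watch for.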
This incident is a reminder that even trusted security tools can become attack surfaces. Cybersecurity companies such as IntelligenceX help organizations reduce these risks through vulnerability monitoring, endpoint security reviews, patch management and threat intelligence.
For businesses and home users the core message is straightforward: keep Microsoft Defender up to date, double-check its protection status, and treat any weakness in an exploited security tool as an urgent risk.