Two Actively Exploited Defender Flaws Prompt Auto-Patch Rollout

TL;DR Summary
Microsoft warns that Defender is being actively exploited through two vulnerabilities: a privilege-escalation flaw (CVE-2026-41091) and a separate denial-of-service flaw (CVE-2026-45498). Updates are delivered automatically via Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, and systems with Defender disabled are not affected. CISA has added both flaws to its Known Exploited Vulnerabilities (KEV) catalog, with a June 3, 2026 patch deadline for Federal Civilian Executive Branch agencies. The article also references older Microsoft CVEs that have been added to KEV in recent weeks.
Topics: technology #cve-2026-41091 #cve-2026-45498 #denial-of-service #microsoft-defender #privilege-escalation #security
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities (The Hacker News)
- New Microsoft Defender exploits discovered. How to protect yourself (mashable.com)
- Microsoft warns of new Defender zero-days exploited in attacks (BleepingComputer)
- Microsoft Defender vulnerabilities are being exploited in the wild (Security Boulevard)
- Attacked MS Defender vulnerabilities and BitLocker protection measures (heise online)