Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Briefly

"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally, Microsoft said in an advisory. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. The issue is tracked as CVE-2026-41091 and is rated 7.8 on the CVSS scoring system."

"The second vulnerability under exploitation is CVE-2026-45498 (CVSS score: 4.0), a denial-of-service bug impacting Defender. The two vulnerabilities have been addressed in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, respectively. Microsoft credited five different parties with discovering and reporting the flaw, including Sibusiso, Diffract, Andrew C. Dorman (aka ACD421), Damir Moldovanov, and an anonymous researcher."

"Microsoft noted that systems that have disabled Microsoft Defender are not susceptible to the vulnerability, adding that no action is required to install the update since it automatically updates malware definitions and the Microsoft Malware Protection Engine for optimal protection. To ensure the latest version of the Microsoft Malware Protection Platform and definition updates are being actively downloaded and installed, users are recommended to follow the steps below."

"Open the Windows Security program. In the navigation pane, select Virus & threat protection. Then click on Protection Updates in the Virus & threat protection section updates. Select Check for updates. In the navigation pane, select Settings, and then select About. Examine the Antimalware ClientVersion number. There are currently no details on how the vulnerabilities are being exploited in the wild."