Microsoft has identified two vulnerabilities in its Defender antivirus software that are currently being exploited in the wild. The first, designated as CVE-2026-41091 with a CVSS score of 7.8, is a privilege escalation flaw that could enable attackers to gain SYSTEM-level access. The second, CVE-2026-45498, carries a CVSS score of 4.0 and pertains to a denial-of-service issue affecting Defender.
According to Microsoft, the privilege escalation vulnerability arises from improper link resolution before file access, allowing authorized attackers to elevate privileges locally. The denial-of-service flaw could potentially disrupt Defender’s functionality.
Both vulnerabilities have been addressed in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. Microsoft has stated that no user action is required to install these updates, as Defender automatically updates its malware definitions and protection engine to maintain optimal security.
The company credited five researchers—Sibusiso, Diffract, Andrew C. Dorman (aka ACD421), Damir Moldovanov, and an anonymous contributor—for discovering and reporting these issues.
To verify that their systems are running the latest version of the Microsoft Malware Protection Platform, users can follow these steps:
- Open the Windows Security program.
- Select ‘Virus & threat protection’ from the navigation pane.
- Click on ‘Protection Updates’ in the ‘Virus & threat protection’ section.
- Choose ‘Check for updates.’
- Navigate to ‘Settings’ and then select ‘About.’
- Review the ‘Antimalware Client Version’ number.
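The same check can be scripted for hosts where clicking through the UI is impractical. This is an added example, not code from the article or from Microsoft; it uses the built-in `Get-MpComputerStatus` cmdlet, whose `AMProductVersion` is the value shown as 'Antimalware Client Version'. The mapping of the two fixed builds to engine (1.1.x) and platform (4.18.x), the function name `Test-DefenderPatched`, and the sample host are assumptions.

```powershell
# Added example, not Microsoft tooling. Minimum builds are the two quoted in the article.
# Assumption: 1.1.x is the engine build and 4.18.x is the platform (client) build.
$FixedEngine   = [version]'1.1.26040.8'
$FixedPlatform = [version]'4.18.26040.7'

function Test-DefenderPatched {
    param([Parameter(Mandatory)] $Status)  # needs AMEngineVersion and AMProductVersion
    # Cast to [version] so comparison is numeric per field, not string-based.
    $engine   = [version]$Status.AMEngineVersion
    $platform = [version]$Status.AMProductVersion
    [pscustomobject]@{
        EngineVersion   = $engine
        PlatformVersion = $platform
        EngineOk        = $engine   -ge $FixedEngine
        PlatformOk      = $platform -ge $FixedPlatform
        Patched         = ($engine -ge $FixedEngine) -and ($platform -ge $FixedPlatform)
    }
}

# Constructed sample: a host still on an older build, to show the failing case.
$sample = [pscustomobject]@{ AMEngineVersion = '1.1.26030.3'; AMProductVersion = '4.18.26030.5' }
Test-DefenderPatched -Status $sample

# Live check on the local machine.
try {
    $live   = Get-MpComputerStatus -ErrorAction Stop
    $result = Test-DefenderPatched -Status $live
    $result
    if (-not $result.Patched) {
        Write-Warning 'Defender is below the fixed builds; check why updates are not arriving.'
    }
} catch {
    # Reached when the Defender cmdlets or service are unavailable on this host.
    Write-Warning "Could not read Defender status: $($_.Exception.Message)"
}
```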
Details on how these vulnerabilities are being exploited in the wild have not been disclosed. However, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both CVE-2026-41091 and CVE-2026-45498 to its Known Exploited Vulnerabilities (KEV) catalog, mandating that Federal Civilian Executive Branch (FCEB) agencies apply the fixes by June 3, 2026.
Additionally, Microsoft recently reported active exploitation of a cross-site scripting flaw in on-premises versions of Exchange Server (CVE-2026-42897, CVSS score: 8.1). This vulnerability has also been added to CISA’s KEV catalog.
These developments underscore the critical importance of timely software updates and vigilant monitoring of security advisories. Organizations should ensure that their systems are promptly updated to mitigate potential threats arising from these vulnerabilities.
Source: The Hacker News