Microsoft this week released patches for two vulnerabilities in Defender, warning they have been exploited in the wild as zero-days.

The first, tracked as CVE-2026-41091 (CVSS score of 7.8), is described as a link-following issue that allows attackers to elevate their privileges to System.

“Improper link resolution before file access (‘link following’) in Microsoft Defender allows an authorized attacker to elevate privileges locally,” Microsoft notes in its bare-bones advisory.

The second bug, tracked as CVE-2026-45498 (CVSS score of 4.0), is a denial-of-service (DoS) flaw.

Microsoft addressed the two security defects in Microsoft Defender Antimalware Platform version 4.18.26040.7. According to the company, systems with Microsoft Defender disabled are not exploitable, even though Defender’s files remain on disk.
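For administrators who want to verify the fix on a given host, the following PowerShell snippet is an added example (not part of the article) that reads the installed Antimalware Platform version via the built-in `Get-MpComputerStatus` cmdlet and compares it against the fixed version the article names; the message strings and the `$FixedPlatformVersion` variable are assumptions of this example.

```powershell
# Added example: check whether the local Defender Antimalware Platform is at or
# above the version Microsoft shipped for CVE-2026-41091 / CVE-2026-45498, and
# whether the antimalware service is actually running (the article notes that
# hosts with Defender disabled are not exploitable).
$FixedPlatformVersion = [version]'4.18.26040.7'   # fixed version quoted in the article

$status    = Get-MpComputerStatus                 # built-in Defender status cmdlet
$installed = [version]$status.AMProductVersion    # Antimalware Platform version

if (-not $status.AMServiceEnabled) {
    # Not exposed to these bugs per the advisory, but also not protected by Defender.
    Write-Output "Defender antimalware service is disabled on $env:COMPUTERNAME (not exposed, but unprotected)."
}
elseif ($installed -ge $FixedPlatformVersion) {
    Write-Output "Platform $installed is at or above $FixedPlatformVersion: patched."
}
else {
    # Platform updates are delivered through Windows Update, not signature updates.
    Write-Output "Platform $installed is below $FixedPlatformVersion: install the platform update via Windows Update."
}
```

Run it in an elevated PowerShell session; the `[version]` cast makes the comparison numeric per component rather than a string comparison, so `4.18.26040.7` correctly sorts above an older build such as `4.18.25090.x`.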