Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Ravie LakshmananMay 21, 2026Endpoint Security / Vulnerability

Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild.

The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.

"Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally," Microsoft said in an advisory.

The second vulnerability under exploitation is CVE-2026-45498 (CVSS score: 4.0), a denial-of-service bug impacting Defender. The two vulnerabilities have been addressed in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, respectively.

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Other newsrooms on this story

Related reading

Microsoft warns of new Defender zero-days exploited in attacks

Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days

2 New Microsoft Defender Zero-Days Exploited—Patch Now Rolling Out

Microsoft's agentic security system MDASH uncovers four critical Windows RCE…

Due falle di sicurezza in Microsoft Defender: a rischio milioni di PC Windows

New Microsoft Alert — Update Windows 10 And 11 Now, Attacks Underway