Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft has confirmed that two vulnerabilities in its Defender security software are currently being exploited in the wild, prompting urgent security updates for all affected Windows systems.

Key Points

  • Microsoft Defender is currently facing active exploitation of a privilege escalation flaw (CVE-2026-41091) and a denial-of-service bug (CVE-2026-45498).
  • The privilege escalation vulnerability allows attackers to gain SYSTEM-level access, while a separate heap-based buffer overflow (CVE-2026-45584) poses a remote code execution risk.
  • Patches are included in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7, which deploy automatically to most systems.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the two exploited flaws to its Known Exploited Vulnerabilities catalog, mandating fixes by June 3, 2026.
  • Users can verify their protection status by checking the Antimalware Client Version number within the Windows Security program settings.
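The same version check can be scripted rather than read from the Windows Security settings page. This is an added example, not code from the article or from Microsoft; it assumes the 4.18.x value is the platform version (reported by `Get-MpComputerStatus` as `AMProductVersion`) and the 1.1.x value is the engine version (`AMEngineVersion`), and the sample object is constructed.

```powershell
# Fixed versions as given in the article. Assumption: the 4.18.x value is the
# platform ("Antimalware Client Version") and the 1.1.x value is the engine.
$FixedVersions = @{
    AMProductVersion = [version]'4.18.26040.7'
    AMEngineVersion  = [version]'1.1.26040.8'
}

function Test-DefenderPatched {
    param(
        [Parameter(Mandatory)] $Status,          # Get-MpComputerStatus output or a stand-in object
        [hashtable] $Minimum = $FixedVersions
    )
    foreach ($name in $Minimum.Keys) {
        $parsed = $null
        # Compare as [version], not as strings: '4.18.9999.1' sorts above
        # '4.18.26040.7' as text but is the older build.
        $ok = [version]::TryParse([string]$Status.$name, [ref]$parsed) -and
              ($parsed -ge $Minimum[$name])
        [pscustomobject]@{
            Component = $name
            Installed = $Status.$name
            Required  = $Minimum[$name]
            Patched   = $ok            # unreadable or missing values count as not patched
        }
    }
}

# Constructed sample: engine is current, platform is behind.
$sample = [pscustomobject]@{ AMProductVersion = '4.18.9999.1'; AMEngineVersion = '1.1.26040.8' }
Test-DefenderPatched -Status $sample | Format-Table -AutoSize

# Live check on this machine, if the Defender cmdlets are present.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Test-DefenderPatched -Status (Get-MpComputerStatus) | Format-Table -AutoSize
}
```

A host that reports `Patched = False` for either component has not received the automatic update and should be investigated.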

Why it Matters

These vulnerabilities represent a significant security risk because they allow attackers to bypass standard protections and gain elevated control over compromised Windows machines. By adding these flaws to its mandatory catalog, CISA underscores the urgency for organizations to ensure their automated update mechanisms are functioning correctly to prevent potential system-wide breaches.

Published by info@thehackernews.com (The Hacker News)