Microsoft patched two exploited zero-day vulnerabilities in Defender, including a privilege escalation flaw tracked as CVE-2026-41091 and a denial-of-service issue tracked as CVE-2026-45498. CISA added both bugs to its Known Exploited Vulnerabilities list and urged federal agencies to patch them by June 3. #MicrosoftDefender #CVE-2026-41091 #CVE-2026-45498 #CISA #BlueHammer #RedSun #UnDefend #ChaosEclipse
Keypoints
- Microsoft released fixes for two Defender vulnerabilities exploited as zero-days.
- CVE-2026-41091 can let an attacker elevate privileges to SYSTEM locally.
- CVE-2026-45498 is a denial-of-service flaw in Microsoft Defender.
- The issues were addressed in Defender Antimalware Platform version 4.18.26040.7.
- CISA added both flaws to its KEV list and set a June 3 patch deadline for federal agencies.
Read More: https://www.securityweek.com/microsoft-patches-exploited-undefend-and-redsun-defender-zero-days/