Microsoft has released patches for two zero-day vulnerabilities in Microsoft Defender, including CVE-2026-41091 and CVE-2026-45498, after confirmation that they were exploited in attacks. CISA has added both flaws to its Known Exploited Vulnerabilities Catalog and ordered federal agencies to patch affected Windows systems within two weeks. #CVE-2026-41091 #CVE-2026-45498 #MicrosoftDefender #CISA
Keypoints
- Microsoft patched two actively exploited zero-day vulnerabilities in Defender.
- CVE-2026-41091 can let attackers gain SYSTEM privileges.
- CVE-2026-45498 can cause denial-of-service on unpatched Windows devices.
- The fixes were delivered through updated Malware Protection Engine and Defender Antimalware Platform versions.
- CISA added both flaws to the KEV Catalog and ordered federal agencies to patch them quickly.