- Microsoft fixes two actively exploited zero-day flaws in Defender, tracked as CVE-2026-41091 (Privilege Escalation) and CVE-2026-45498 (Denial of Service)
- Updates were sent automatically via Malware Protection Engine 1.1.26040.8 and Antimalware Platform 4.18.26040.7, although users are advised to manually verify versions
- CISA added both bugs to its KEV catalog, giving federal agencies until June 3 to fix or disable vulnerable software
Microsoft has released patches for two zero-day vulnerabilities affecting its Defender antivirus tool.
In a new security advisory, the company said it fixed an escalation of privilege security flaw plaguing Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, and a denial-of-service flaw in Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier.
The former is tracked as CVE-2026-41091 and received a severity rating of 7.8/10 (high). It allows malicious actors to escalate privileges locally. The latter is tracked under CVE-2026-45498, with a severity rating of 7.5/10 (high).
CISA confirms abuse
To address the vulnerabilities, Microsoft released Malware Protection Engine version 1.1.26040.8 and Antimalware Platform version 4.18.26040.7, one for each bug. The company said there is no need for customer action, as Defender receives these updates automatically in its default configuration.
Still, since both bugs are actively abused in the wild, it doesn’t hurt to double-check by navigating to the “Virus and Threat Protection” window, then Protection Updates, then clicking “Check for Updates.” The Antimalware ClientVersion number should show the version numbers above.
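
The same check can be scripted. The following is an added example, not code from Microsoft or from the original article: it assumes the Defender PowerShell module's `Get-MpComputerStatus` cmdlet and its `AMEngineVersion` and `AMProductVersion` properties, and the helper name `Test-DefenderPatchLevel` is hypothetical. The fixed and vulnerable version numbers are the ones quoted above.

```powershell
# Fixed versions as stated in the article. Cast to [version] so each dotted
# field is compared numerically rather than as a string.
$Fixed = [ordered]@{
    AMEngineVersion  = [version]'1.1.26040.8'    # Malware Protection Engine (CVE-2026-41091)
    AMProductVersion = [version]'4.18.26040.7'   # Antimalware Platform (CVE-2026-45498)
}

function Test-DefenderPatchLevel {
    # Hypothetical helper. $Status is any object exposing the two version
    # properties; when omitted, the live Get-MpComputerStatus output is used.
    param($Status = (Get-MpComputerStatus))

    foreach ($name in $Fixed.Keys) {
        $installed = [version]$Status.$name
        [pscustomobject]@{
            Component = $name
            Installed = $installed
            Required  = $Fixed[$name]
            Patched   = $installed -ge $Fixed[$name]
        }
    }
}

# Constructed sample: a host still on the last vulnerable versions named in
# the advisory. Both rows report Patched = False.
$sample = [pscustomobject]@{
    AMEngineVersion  = '1.1.26030.3008'
    AMProductVersion = '4.18.26030.3011'
}
Test-DefenderPatchLevel -Status $sample | Format-Table -AutoSize

# On a real Windows host, check the live state instead:
# Test-DefenderPatchLevel | Format-Table -AutoSize
```
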
Confirmation that the flaws are being exploited came from the US Cybersecurity and Infrastructure Security Agency (CISA), which recently added them to its catalog of known exploited vulnerabilities (KEV).
When that happens, Federal Civilian Executive Branch (FCEB) agencies usually have a two-week deadline to fix the vulnerable software or stop using it. In this case, agencies have until June 3.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA explained. “Apply restrictions according to the vendor’s instructions, follow applicable BOD 22-01 guidance for cloud services, or stop using the product if restrictions are not available.”
Via Bleeping Computer




