TECH NEWS

Microsoft confirms two major Defender security issues — so update now or face possible attack

https://cdn.mos.cms.futurecdn.net/Qv5XQvhYHnM9ejEq2iz2CT-1067-80.jpg
  • Microsoft patches two actively exploited zero‑day flaws in Defender, tracked as CVE‑2026‑41091 (privilege escalation) and CVE‑2026‑45498 (denial of service)
  • Updates were shipped automatically via Malware Protection Engine 1.1.26040.8 and Antimalware Platform 4.18.26040.7, though users are advised to manually verify versions
  • CISA added both bugs to its KEV catalog, giving federal agencies until June 3 to patch or discontinue vulnerable software

Microsoft has released patches for two zero-day vulnerabilities affecting its Defender antivirus tool.

In a new security advisory, the company said it fixed a privilege escalation security bug plaguing Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, and a denial-of-service flaw in the Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier.

The former is tracked as CVE-2026-41091 and was given a severity score of 7.8/10 (high). It allows malicious actors to escalate privileges locally. The latter is tracked under CVE-2026-45498, with a severity score of 7.5/10 (high).

CISA confirms abuse

To address...

Copyright of this story solely belongs to techradar.com. To see the full text click HERE

Read more