Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Defender Vulnerabilities Exposed, Actively Exploited

Microsoft Defender Vulnerabilities Exposed, Actively Exploited

Posted on May 21, 2026 By CWS

Two significant vulnerabilities in Microsoft Defender have recently been disclosed and are being actively exploited by cyber attackers, raising concerns among cybersecurity professionals. These vulnerabilities, identified as CVE-2026-41091 and CVE-2026-45498, allow attackers to escalate privileges to SYSTEM and potentially disrupt endpoint protection on Windows systems.

Details of the Vulnerabilities

The first vulnerability, CVE-2026-41091, is an elevation of privilege issue caused by improper link resolution in Microsoft Defender’s scanning logic. This flaw enables authenticated local attackers to manipulate Defender into accessing attacker-controlled paths, granting them SYSTEM-level privileges. This vulnerability has been publicly documented, with active exploitation confirmed by Microsoft’s exploitability index.

The second flaw, CVE-2026-45498, affects the Microsoft Defender Antimalware Platform, resulting in a denial-of-service condition. Attackers exploiting this vulnerability can crash or impair Defender’s functionality, opening a window for further attacks. This vulnerability, like the first, is also being actively exploited.

Impact and Mitigation

Successful exploitation of these vulnerabilities can have severe consequences, such as disabling security tools, deploying persistent malware, accessing sensitive data, and creating high-privilege user accounts. The vulnerabilities impact the Microsoft Malware Protection Engine version 1.1.26030.3008 and Defender Platform version 4.18.26030.3011, with fixes available in versions 1.1.26040.8 and 4.18.26040.7, respectively.

Although systems where Defender is disabled may still appear vulnerable, they are not exploitable in practice. Organizations are urged to ensure that their Defender engine and platform are updated to the latest versions to mitigate these risks.

Guidance for Organizations

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included both vulnerabilities in its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to address them by June 3, 2026. Microsoft advises that no additional manual updates are necessary beyond the routine Defender updates. Organizations should verify that updates are being applied correctly and ensure that the Defender engine version is at least 1.1.26040.8 and the platform version is at least 4.18.26040.7.

Administrators are encouraged to use the Windows Security app to check for updates under ‘Virus & threat protection’ and ‘Protection updates’, ensuring all endpoints are secure. Additionally, continuous validation of update distribution processes is recommended to maintain system security.

Given the widespread deployment of Microsoft Defender across Windows environments, these vulnerabilities represent a significant target for cyber threats. Staying informed and ensuring timely updates are crucial steps in safeguarding systems against these active exploits.

Cyber Security News Tags:CVE-2026-41091, CVE-2026-45498, Cyberattack, Cybersecurity, Defender, denial of service, endpoint protection, Exploit, malware protection, Microsoft, privilege escalation, security update, system security, Vulnerabilities, Windows

Post navigation

Previous Post: Microsoft Fixes Two Exploited Defender Vulnerabilities
Next Post: Identity: The New Cyberattack Vector

Related Posts

Google Chrome Update Fixes 26 Security Vulnerabilities Google Chrome Update Fixes 26 Security Vulnerabilities Cyber Security News
Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure Salat Stealer Exfiltrates Browser Credentials Via Sophisticated C2 Infrastructure Cyber Security News
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability Cyber Security News
Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware Fog Ransomware Actors Exploits Pentesting Tools to Exfiltrate Data and Deploy Ransomware Cyber Security News
Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands Cyber Security News
Caminho Loader-as-a-Service Using Steganography to Conceal .NET Payloads within Image Files Caminho Loader-as-a-Service Using Steganography to Conceal .NET Payloads within Image Files Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark