Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Alerts on Active Exploitation of Defender Vulnerabilities

Microsoft Alerts on Active Exploitation of Defender Vulnerabilities

Posted on May 21, 2026 By CWS

Microsoft has recently issued a warning about two significant vulnerabilities in its Defender software that are currently being exploited. These flaws, identified as CVE-2026-41091 and CVE-2026-45498, are affecting the security of systems worldwide.

Details of the Vulnerabilities

The first vulnerability, CVE-2026-41091, is a privilege escalation issue that has been assigned a CVSS score of 7.8. It allows attackers to gain SYSTEM level access through improper link resolution before file access. This flaw provides an opportunity for authorized users to increase their access privileges significantly.

The second flaw, CVE-2026-45498, is a denial-of-service vulnerability with a CVSS score of 4.0. It impacts the Defender system by potentially interrupting its regular operations. Both vulnerabilities have been addressed with updates in the Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7.

Steps to Mitigate the Risks

Microsoft has assured users that systems with Defender disabled are not at risk. Additionally, users do not need to take manual action as updates are applied automatically, enhancing the malware definitions and protection engine. It is crucial to ensure the latest updates are installed by navigating to the Windows Security program and checking for updates.

The discovery of these vulnerabilities is credited to various researchers, including Sibusiso, Diffract, Andrew C. Dorman, Damir Moldovanov, and an anonymous contributor. These efforts highlight the importance of collaborative work in identifying and mitigating cybersecurity risks.

Broader Implications and Future Updates

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed these vulnerabilities in its Known Exploited Vulnerabilities catalog, mandating that federal agencies address these issues by June 3, 2026. This directive underscores the critical nature of these security threats.

Moreover, Microsoft has also reported an unrelated cross-site scripting vulnerability in Exchange Server, emphasizing the ongoing challenges in maintaining cybersecurity. Other historical vulnerabilities in Microsoft products, ranging from 2008 to 2010, have also been included in CISA’s catalog, demonstrating the persistent need for vigilance and regular software updates.

In conclusion, staying informed and ensuring timely updates are pivotal in safeguarding systems against such vulnerabilities. As the cybersecurity landscape evolves, proactive measures and awareness remain key to mitigating risks and protecting sensitive data.

The Hacker News Tags:CISA, CVE-2026-41091, CVE-2026-45498, Cybersecurity, endpoint protection, Malware, Microsoft Defender, software update, system security, Vulnerabilities

Post navigation

Previous Post: GitHub Breach via Malicious VS Code Extension
Next Post: Cisco Addresses Critical Flaw in Secure Workload

Related Posts

Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks Hackers Turn Velociraptor DFIR Tool Into Weapon in LockBit Ransomware Attacks The Hacker News
Hijacked Packages Deploy Python Infostealer via VS Code Hijacked Packages Deploy Python Infostealer via VS Code The Hacker News
Optimize Your SOC: Build, Buy, or Automate? Optimize Your SOC: Build, Buy, or Automate? The Hacker News
Why CTEM is the Winning Bet for CISOs in 2025 Why CTEM is the Winning Bet for CISOs in 2025 The Hacker News
7 Key Workflows for Maximum Impact 7 Key Workflows for Maximum Impact The Hacker News
Deepfake Defense in the Age of AI Deepfake Defense in the Age of AI The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Exploited in Prompt Injection Attacks for Crypto Scams
  • Agent Skill Malware Bypasses AI Security Measures
  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark