Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Defender Vulnerabilities Exposed, Actively Exploited

Microsoft Defender Vulnerabilities Exposed, Actively Exploited

Posted on May 21, 2026 By CWS

Two significant vulnerabilities in Microsoft Defender have recently been disclosed and are being actively exploited by cyber attackers, raising concerns among cybersecurity professionals. These vulnerabilities, identified as CVE-2026-41091 and CVE-2026-45498, allow attackers to escalate privileges to SYSTEM and potentially disrupt endpoint protection on Windows systems.

Details of the Vulnerabilities

The first vulnerability, CVE-2026-41091, is an elevation of privilege issue caused by improper link resolution in Microsoft Defender’s scanning logic. This flaw enables authenticated local attackers to manipulate Defender into accessing attacker-controlled paths, granting them SYSTEM-level privileges. This vulnerability has been publicly documented, with active exploitation confirmed by Microsoft’s exploitability index.

The second flaw, CVE-2026-45498, affects the Microsoft Defender Antimalware Platform, resulting in a denial-of-service condition. Attackers exploiting this vulnerability can crash or impair Defender’s functionality, opening a window for further attacks. This vulnerability, like the first, is also being actively exploited.

Impact and Mitigation

Successful exploitation of these vulnerabilities can have severe consequences, such as disabling security tools, deploying persistent malware, accessing sensitive data, and creating high-privilege user accounts. The vulnerabilities impact the Microsoft Malware Protection Engine version 1.1.26030.3008 and Defender Platform version 4.18.26030.3011, with fixes available in versions 1.1.26040.8 and 4.18.26040.7, respectively.

Although systems where Defender is disabled may still appear vulnerable, they are not exploitable in practice. Organizations are urged to ensure that their Defender engine and platform are updated to the latest versions to mitigate these risks.

Guidance for Organizations

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included both vulnerabilities in its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch agencies to address them by June 3, 2026. Microsoft advises that no additional manual updates are necessary beyond the routine Defender updates. Organizations should verify that updates are being applied correctly and ensure that the Defender engine version is at least 1.1.26040.8 and the platform version is at least 4.18.26040.7.

Administrators are encouraged to use the Windows Security app to check for updates under ‘Virus & threat protection’ and ‘Protection updates’, ensuring all endpoints are secure. Additionally, continuous validation of update distribution processes is recommended to maintain system security.

Given the widespread deployment of Microsoft Defender across Windows environments, these vulnerabilities represent a significant target for cyber threats. Staying informed and ensuring timely updates are crucial steps in safeguarding systems against these active exploits.

Cyber Security News Tags:CVE-2026-41091, CVE-2026-45498, Cyberattack, Cybersecurity, Defender, denial of service, endpoint protection, Exploit, malware protection, Microsoft, privilege escalation, security update, system security, Vulnerabilities, Windows

Post navigation

Previous Post: Microsoft Fixes Two Exploited Defender Vulnerabilities
Next Post: Identity: The New Cyberattack Vector

Related Posts

Exposed Open Directory Leaks BYOB Framework Across Windows, Linux, and macOS Exposed Open Directory Leaks BYOB Framework Across Windows, Linux, and macOS Cyber Security News
New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time Cyber Security News
Critical Redis Flaws Expose Systems to Remote Attacks Critical Redis Flaws Expose Systems to Remote Attacks Cyber Security News
OpenVPN Driver Vulnerability Let Attackers to Crash Windows Systems OpenVPN Driver Vulnerability Let Attackers to Crash Windows Systems Cyber Security News
SAP Urges Immediate Patch for Critical Security Flaws SAP Urges Immediate Patch for Critical Security Flaws Cyber Security News
CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in Attacks CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in Attacks Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data
  • Critical Opera GX Flaw Exposes User Data to Hackers
  • SkillCloak Evades AI Scanners with New Techniques

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data
  • Critical Opera GX Flaw Exposes User Data to Hackers
  • SkillCloak Evades AI Scanners with New Techniques

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark