Microsoft has issued patches for two vulnerabilities in its Defender software, both of which were being exploited in the wild as zero-days before a fix was available. The more serious of the two allows a local attacker to elevate privileges, so unpatched systems are exposed to post-compromise escalation.
Details of the Vulnerabilities
The first vulnerability, tracked as CVE-2026-41091 with a CVSS score of 7.8, is a link-following flaw. It lets an attacker who already has local access to a machine gain elevated privileges. Microsoft attributes the bug to improper link resolution before file access, the weakness class catalogued as CWE-59: the product follows a filesystem link (a symbolic link or junction) without verifying where it points, so a low-privileged user can redirect a privileged file operation to a location of their choosing.
The second flaw, CVE-2026-45498, carries a CVSS score of 4.0 and is classified as a denial-of-service (DoS) vulnerability. Both are fixed in Microsoft Defender Antimalware Platform version 4.18.26040.7, which is delivered as a platform update rather than a signature update, so a current definition version alone does not indicate that the fix is installed. Microsoft notes that systems with Defender disabled are not affected, although they still carry the vulnerable platform build until it is updated.
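The check a practitioner would want at this point is whether a given endpoint is actually running a fixed platform build. The following PowerShell is an added example, not code from the article or from Microsoft; it reads the installed antimalware platform version with the standard Get-MpComputerStatus cmdlet and compares it against the fixed version named above (4.18.26040.7, taken from the article). The function name Test-DefenderPlatformPatched is an assumption introduced here for illustration.

```powershell
# Added example: verify the Defender antimalware platform build against the fixed version.
# Assumes the fixed version quoted in the article (4.18.26040.7). Run on the endpoint,
# or via Invoke-Command against remote hosts, with the Defender PowerShell module present.

$FixedVersion = [version]'4.18.26040.7'   # fixed build from the article

function Test-DefenderPlatformPatched {
    # Hypothetical helper name; returns one object per host that can be collected centrally.
    param([version]$Fixed = $FixedVersion)

    $status = Get-MpComputerStatus -ErrorAction Stop

    # AMProductVersion is the antimalware *platform* version, distinct from the
    # signature (definition) version, which is not what the fix changes.
    $installed = $null
    if (-not [string]::IsNullOrWhiteSpace($status.AMProductVersion)) {
        $installed = [version]$status.AMProductVersion
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        PlatformVersion   = $installed
        FixedVersion      = $Fixed
        ServiceRunning    = [bool]$status.AMServiceEnabled
        RealTimeEnabled   = [bool]$status.RealTimeProtectionEnabled
        SignatureVersion  = $status.AntivirusSignatureVersion
        Patched           = ($null -ne $installed -and $installed -ge $Fixed)
    }
}

$result = Test-DefenderPlatformPatched
$result | Format-List

if (-not $result.ServiceRunning) {
    # The article notes that hosts with Defender disabled are not exposed, but the
    # vulnerable platform build is still present and should be updated before re-enabling.
    Write-Warning 'Defender service is not running: not exposed now, but platform still needs the update.'
}
elseif (-not $result.Patched) {
    Write-Warning "Platform $($result.PlatformVersion) is below $($result.FixedVersion); install the platform update through Windows Update."
}
else {
    Write-Host 'Defender platform is at or above the fixed version.'
}
```

The version comparison uses the [version] type rather than string comparison so that a build such as 4.18.26100.1 correctly sorts above 4.18.26040.7; a plain string compare would get multi-digit components wrong. AMProductVersion can be empty when the platform is disabled by policy, which is why the script treats a missing value as unpatched rather than throwing.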
Public Disclosure and Exploitation
Both vulnerabilities were publicly disclosed before the patch, and there is evidence of exploitation in the wild. Security researcher Chaos Eclipse revealed the issues last month under the names UnDefend and RedSun, describing them as variants of the earlier BlueHammer exploit. Following the disclosure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both CVEs to its Known Exploited Vulnerabilities (KEV) catalog.
CISA has given federal civilian agencies until June 3 to remediate them. Five other issues were added to the KEV catalog at the same time, including some much older bugs that are still being exploited: CVE-2008-4250 (the MS08-067 flaw in the Windows Server service), CVE-2009-1537 in Microsoft DirectX, and CVE-2009-3459 in Adobe Acrobat.
Urgency and Recommendations
With the CISA deadline approaching, organizations, and federal agencies in particular, should confirm that the Defender platform update has actually reached their endpoints rather than assuming it arrived with routine definition updates. CISA has stressed that the KEV catalog should be reviewed regularly and its entries remediated without delay.
Because these bugs were exploited as zero-days, a patch closes the window going forward but does not rule out earlier compromise; hosts that were exposed before the fix deserve a look for signs of local privilege escalation. More broadly, keeping systems current and tracking vendor advisories and the KEV catalog remain the baseline controls against threats of this kind.
