Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Alerts on Active Exploitation of Defender Vulnerabilities

Microsoft Alerts on Active Exploitation of Defender Vulnerabilities

Posted on May 21, 2026 By CWS

Microsoft has recently issued a warning about two significant vulnerabilities in its Defender software that are currently being exploited. These flaws, identified as CVE-2026-41091 and CVE-2026-45498, are affecting the security of systems worldwide.

Details of the Vulnerabilities

The first vulnerability, CVE-2026-41091, is a privilege escalation issue that has been assigned a CVSS score of 7.8. It allows attackers to gain SYSTEM level access through improper link resolution before file access. This flaw provides an opportunity for authorized users to increase their access privileges significantly.

The second flaw, CVE-2026-45498, is a denial-of-service vulnerability with a CVSS score of 4.0. It impacts the Defender system by potentially interrupting its regular operations. Both vulnerabilities have been addressed with updates in the Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7.

Steps to Mitigate the Risks

Microsoft has assured users that systems with Defender disabled are not at risk. Additionally, users do not need to take manual action as updates are applied automatically, enhancing the malware definitions and protection engine. It is crucial to ensure the latest updates are installed by navigating to the Windows Security program and checking for updates.

The discovery of these vulnerabilities is credited to various researchers, including Sibusiso, Diffract, Andrew C. Dorman, Damir Moldovanov, and an anonymous contributor. These efforts highlight the importance of collaborative work in identifying and mitigating cybersecurity risks.

Broader Implications and Future Updates

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed these vulnerabilities in its Known Exploited Vulnerabilities catalog, mandating that federal agencies address these issues by June 3, 2026. This directive underscores the critical nature of these security threats.

Moreover, Microsoft has also reported an unrelated cross-site scripting vulnerability in Exchange Server, emphasizing the ongoing challenges in maintaining cybersecurity. Other historical vulnerabilities in Microsoft products, ranging from 2008 to 2010, have also been included in CISA’s catalog, demonstrating the persistent need for vigilance and regular software updates.

In conclusion, staying informed and ensuring timely updates are pivotal in safeguarding systems against such vulnerabilities. As the cybersecurity landscape evolves, proactive measures and awareness remain key to mitigating risks and protecting sensitive data.

The Hacker News Tags:CISA, CVE-2026-41091, CVE-2026-45498, Cybersecurity, endpoint protection, Malware, Microsoft Defender, software update, system security, Vulnerabilities

Post navigation

Previous Post: GitHub Breach via Malicious VS Code Extension
Next Post: Cisco Addresses Critical Flaw in Secure Workload

Related Posts

SideCopy Targets Afghan Finance Ministry with Xeno RAT SideCopy Targets Afghan Finance Ministry with Xeno RAT The Hacker News
North Korea-Linked npm Packages Pose Threat to Developers North Korea-Linked npm Packages Pose Threat to Developers The Hacker News
How the Browser Became the Main Cyber Battleground How the Browser Became the Main Cyber Battleground The Hacker News
TrojPix Exploits Pixel Modulation to Leak Data TrojPix Exploits Pixel Modulation to Leak Data The Hacker News
Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks Google Disrupts IPIDEA — One of the World’s Largest Residential Proxy Networks The Hacker News
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data
  • Critical Opera GX Flaw Exposes User Data to Hackers
  • SkillCloak Evades AI Scanners with New Techniques

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data
  • Critical Opera GX Flaw Exposes User Data to Hackers
  • SkillCloak Evades AI Scanners with New Techniques

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark