Microsoft Warns of New Defender Zero-Days Exploited in Attacks

BleepingComputer, May 21, 2026

Why It Matters

The flaws undermine the default Windows endpoint protection, exposing millions of devices to local takeover or loss of protection, and their addition to CISA's KEV catalog sets a hard remediation deadline for federal civilian agencies.

Key Takeaways

  • Microsoft released fixes for CVE‑2026‑41091 (Malware Protection Engine) and CVE‑2026‑45498 (Antimalware Platform).
  • The flaws allow privilege escalation to SYSTEM and denial of service against the Defender agent.
  • CISA added both to the KEV catalog; federal civilian agencies must remediate by June 3.
  • Default automatic update settings deliver the fixes without user intervention.
  • Enterprises should verify the installed engine and platform versions through the Windows Security console or the Defender PowerShell cmdlets.

Pulse Analysis

Microsoft’s Defender suite is the default endpoint protection for most Windows PCs and many enterprise environments, so a flaw in one of its core components affects an enormous installed base. On May 21, the company began rolling out fixes for two newly disclosed zero-day vulnerabilities: CVE‑2026‑41091, a privilege-escalation bug in the Malware Protection Engine, and CVE‑2026‑45498, a denial-of-service bug in the Antimalware Platform. Both are reported as exploited in the wild. Engine and platform updates are delivered through Defender’s own automatic update channel, so most systems receive the fixes without administrator action, which keeps the exposure window across the global user base short.

The privilege-escalation flaw lets an attacker who already has local code execution abuse link resolution (a link-following weakness) to obtain SYSTEM rights, which amounts to full control of the machine. The denial-of-service flaw is less severe on its own, but it can knock the security agent offline and leave the endpoint without protection against whatever comes next. CISA added both CVEs to its Known Exploited Vulnerabilities (KEV) catalog; under the existing Binding Operational Directive 22‑01, that listing obliges federal civilian executive branch agencies to apply the updates by June 3. KEV inclusion requires reliable evidence of active exploitation, so the listing is a confirmation that the bugs are being used, not a precaution.

Microsoft advises that most customers need not take manual action, because the default configuration applies engine and platform updates automatically. Security teams should still confirm that automatic updates are enabled and that the installed engine and platform versions meet the patched builds listed in Microsoft’s advisory, whether through the Windows Security console or the Defender PowerShell cmdlets; a machine that is offline, has updates paused, or points at a stale internal update source will not be fixed by default. Enterprises with strict change-management policies may prefer to stage the updates in a test ring before broad deployment, but with exploitation already under way that window should be short. The incident highlights the broader challenge of keeping a rapid patch cadence for ubiquitous software and reinforces the importance of layered defenses, continuous monitoring, and proactive vulnerability management.
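The version check described above, as an added example that is not from the BleepingComputer article or from Microsoft. It uses the Defender PowerShell module's real cmdlets (Get-MpComputerStatus, Get-MpPreference, Update-MpSignature) to compare the installed Malware Protection Engine and Antimalware Platform builds against minimum versions the administrator supplies. The placeholder versions `0.0.0.0`, the 48-hour signature-age threshold and the `hosts.txt` inventory file are assumptions; the real patched build numbers must be taken from the Microsoft advisories for the two CVEs.

```powershell
<#
Added example, not from the article or from Microsoft. Checks the installed
Defender engine and platform builds against minimum versions taken from the
MSRC advisories for CVE-2026-41091 and CVE-2026-45498. Requires the Defender
PowerShell module and, for -Remediate, an elevated session.
#>
function Test-DefenderPatchLevel {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][version]$MinEngineVersion,    # from the MSRC advisory
        [Parameter(Mandatory)][version]$MinPlatformVersion,  # from the MSRC advisory
        [switch]$Remediate,                # trigger an update if the engine is behind
        [int]$MaxSignatureAgeHours = 48    # assumption: local staleness threshold
    )

    $status = Get-MpComputerStatus
    $prefs  = Get-MpPreference

    # AMEngineVersion is the Malware Protection Engine build (CVE-2026-41091);
    # AMProductVersion is the Antimalware Platform build (CVE-2026-45498).
    $engine   = [version]$status.AMEngineVersion
    $platform = [version]$status.AMProductVersion

    if ($Remediate -and $engine -lt $MinEngineVersion) {
        # Engine updates ship with the security intelligence update, so pulling
        # definitions from Microsoft Update also refreshes the engine.
        Update-MpSignature -UpdateSource MicrosoftUpdateServer -ErrorAction Stop
        $status = Get-MpComputerStatus
        $engine = [version]$status.AMEngineVersion
    }

    $sigAge = ((Get-Date) - $status.AntivirusSignatureLastUpdated).TotalHours

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        EngineVersion       = $engine
        EnginePatched       = ($engine -ge $MinEngineVersion)
        PlatformVersion     = $platform
        PlatformPatched     = ($platform -ge $MinPlatformVersion)
        SignatureVersion    = $status.AntivirusSignatureVersion
        SignatureAgeHours   = [math]::Round($sigAge, 1)
        SignaturesStale     = ($sigAge -gt $MaxSignatureAgeHours)
        ServiceRunning      = $status.AMServiceEnabled
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        UpdateIntervalHours = $prefs.SignatureUpdateInterval  # hours between checks; 0 = default schedule
        UpdateFallbackOrder = $prefs.SignatureFallbackOrder   # where updates are fetched from, in order
    }
}

# Single host (replace the placeholder versions with the advisory's patched builds):
# Test-DefenderPatchLevel -MinEngineVersion '0.0.0.0' -MinPlatformVersion '0.0.0.0' -Remediate

# Fleet-wide from a management host (hosts.txt is an assumed inventory file),
# keeping only machines that are still unpatched:
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) `
#     -ScriptBlock ${function:Test-DefenderPatchLevel} -ArgumentList '0.0.0.0','0.0.0.0' |
#     Where-Object { -not ($_.EnginePatched -and $_.PlatformPatched) } |
#     Format-Table Computer, EngineVersion, PlatformVersion, SignatureAgeHours, UpdateFallbackOrder
```

The output deliberately reports the update interval and fallback order alongside the versions: an unpatched host whose fallback order points only at an internal WSUS or file share that has not synced is the case the "no manual action needed" guidance does not cover, and it is cheaper to spot that in the same sweep than in a second one.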

Source: BleepingComputer, "Microsoft warns of new Defender zero-days exploited in attacks", May 21, 2026.
