Microsoft patches two zero-day flaws in Defender
Summary
Microsoft has released emergency patches for two zero-day vulnerabilities in its Defender anti-malware software. These flaws allow local attackers to escalate privileges to system level or disable the anti-malware service. CISA has added these vulnerabilities, CVE-2026-41091 and CVE-2026-45498, to its Known Exploited Vulnerabilities catalog.
IFF Assessment
Both zero-day vulnerabilities have been exploited in the wild. They let attackers gain elevated privileges or disable crucial security software, which is bad news for defenders.
Severity
CVE-2026-41091 has a CVSS score of 7.8, a high severity rating. It is a privilege escalation flaw in the Microsoft Malware Protection Engine involving improper link resolution before file access.
CISA KEV: Listed as actively exploited. Federal patch due: June 03, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching these Microsoft Defender zero-day vulnerabilities immediately, since they are already being exploited and are listed in CISA's KEV catalog. The ability of local attackers to escalate privileges or disable endpoint protection poses a significant risk to systems relying on Microsoft's security solutions.