Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Summary
Microsoft has announced two vulnerabilities in Microsoft Defender that are being actively exploited. One is a privilege escalation flaw (CVE-2026-41091) that could grant attackers SYSTEM privileges, and the other is a denial-of-service vulnerability.
IFF Assessment
Active exploitation of vulnerabilities in a widely used security product poses a direct threat to defenders' systems.
Severity
The CVSS score of 7.8 indicates a high-severity vulnerability, as successful exploitation allows for privilege escalation to SYSTEM, granting an attacker significant control over the compromised system.
CISA KEV: Listed as actively exploited. Federal patch due: June 03, 2026. Known ransomware use: Unknown.
Defender Context
Defenders should prioritize patching Microsoft Defender immediately due to active exploitation. The privilege escalation capability means compromised systems could be fully controlled by attackers, highlighting the critical need for prompt remediation and robust endpoint detection and response strategies. Organizations should also monitor for signs of exploitation related to these CVEs.