Microsoft on Wednesday started rolling out security patches for two Defender vulnerabilities exploited in zero-day attacks.
The first, tracked as CVE-2026-41091, is a privilege escalation security flaw affecting Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, which provides scanning, detection, and cleaning capabilities to Microsoft’s antivirus and antispyware software.
This flaw stems from improper link resolution before file access (link following), which allows an attacker to gain SYSTEM privileges.
The second vulnerability (CVE-2026-45498) affects systems running Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier. This platform is a set of security tools that are also used by Microsoft’s System Center Endpoint Protection, System Center 2012 R2 Endpoint Protection, System Center 2012 Endpoint Protection, and Security Essentials.
According to Microsoft, a successful exploit could allow the attacker to cause a denial of service (DoS) condition on an unpatched Windows device.
Microsoft released versions 1.1.26040.8 and 4.18.26040.7 of its Malware Protection Engine, respectively, to address the two security flaws, adding that customers don’t need to take any action to protect their systems because “the default configuration of Microsoft’s antimalware software automatically keeps malware definitions and the Windows Defender Antimalware Platform up to date.”
However, users should verify whether Windows Defender Antimalware Platform updates and malware definitions are configured to install automatically, and follow these steps to check whether the updates are installed.
- Open the Windows Security program. For example, type “security” in the search bar and select the Windows Security program.
- In the navigation pane, select Virus & threat protection.
- Then click Protection updates in the Virus & threat protection section.
- Select Check for updates.
- In the navigation pane, select Settings, and then select About.
- Check the Antimalware Client Version number. If the Malware Protection Platform version number or the signature package version number matches or exceeds the version number that you are trying to verify as installed, the update was installed successfully.
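The same check can be scripted for endpoints where clicking through the UI is impractical. The following PowerShell is an added example, not code from Microsoft or from this article; it reads the installed versions with the Defender module's `Get-MpComputerStatus` cmdlet and compares them with the fixed versions quoted above. The function name `Test-DefenderPatched` and the mapping of `AMEngineVersion` to the engine fix and `AMProductVersion` to the platform fix are assumptions of this example.

```powershell
# Added example: compare local Defender component versions with the fixed
# versions named in the article. Run on the endpoint being checked.
$fixed = [ordered]@{
    AMEngineVersion  = [version]'1.1.26040.8'    # engine fix (CVE-2026-41091)
    AMProductVersion = [version]'4.18.26040.7'   # platform fix (CVE-2026-45498)
}

function Test-DefenderPatched {
    # Hypothetical helper name. $Status is any object exposing the
    # AMEngineVersion / AMProductVersion properties as strings.
    param(
        [Parameter(Mandatory)] $Status,
        [Parameter(Mandatory)] $Minimum
    )
    foreach ($name in $Minimum.Keys) {
        $raw    = [string]$Status.$name
        $parsed = $null
        # Parse as System.Version: a plain string comparison would rank
        # '1.1.9' above '1.1.26040.8' and report a false "patched".
        $ok = [version]::TryParse($raw, [ref]$parsed)
        [pscustomobject]@{
            Component = $name
            Installed = $raw
            Required  = $Minimum[$name]
            Patched   = ($ok -and $parsed -ge $Minimum[$name])
            Note      = if ($ok) { '' } else { 'version missing or unparsable' }
        }
    }
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    # Raised when the Defender service or module is unavailable on the host.
    Write-Warning "Get-MpComputerStatus failed: $_"
    return
}

$results = @(Test-DefenderPatched -Status $status -Minimum $fixed)
$results | Format-Table -AutoSize
if ($results.Patched -contains $false) {
    Write-Warning 'At least one Defender component is below the fixed version.'
}
```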
Yesterday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also ordered government agencies to secure Windows systems against these two Microsoft Defender zero-day vulnerabilities, warning that they are being actively exploited in the wild.
CISA added them to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure Windows endpoints and servers within two weeks, by June 3, as mandated by Binding Operational Directive (BOD) 22-01.
“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise,” the U.S. cybersecurity agency warned.
“Apply mitigations as directed by the vendor and follow the BOD 22-01 guidance applicable to your cloud service, or discontinue use of the product if mitigations are not available.”
On Tuesday, Microsoft also shared mitigations for YellowKey, a recently disclosed zero-day flaw in Windows BitLocker that allows attackers to access protected drives.

