Zero-day Alert: Microsoft Defender Vulnerabilities (Actively Exploited)

Microsoft has disclosed two actively exploited zero-days affecting Microsoft Defender, including a privilege escalation flaw and a denial-of-service issue. The vulnerabilities have been patched in updated Defender Antimalware Platform releases, and organizations are strongly advised to ensure systems are running the latest versions. They should also review exposure to legacy vulnerabilities that remain relevant in active threat landscapes.

CVE-2026-41091 – Privilege Escalation Vulnerability

CVSS Score: 7.8
Impact: Local Privilege Escalation to SYSTEM
Affected Component: Microsoft Defender

According to Microsoft, the vulnerability is caused by improper link resolution before file access (“link following”), which could allow an authorized local attacker to elevate privileges to SYSTEM level. To patch this vulnerability, initiate a sync between the Central Patch Repository and the Endpoint Central server. Once the sync is complete, search for the following Patch ID or Bulletin ID and deploy them to your target systems.

| Patch ID | Bulletin ID | Patch Description |
|----------|-------------|-------------------|
| 40060 | AV-FCS10 | Update for Microsoft Defender Antivirus antimalware platform (4.18.26040.7) (KB4052623) |



CVE-2026-45498 – Denial-of-Service Vulnerability

CVSS Score: 4.0
Impact: Denial of Service
Affected Component: Microsoft Defender

Last version of the Microsoft Malware Protection Engine affected by this vulnerability: 1.1.26030.3008
First version of the Microsoft Malware Protection Engine with this vulnerability addressed: 1.1.26040.8


Regards,
The ManageEngine Team
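
To confirm on an endpoint that the versions named above are in place, the following added example (not part of the original advisory and not ManageEngine or Microsoft code) compares what `Get-MpComputerStatus` reports with the platform version 4.18.26040.7 and the engine version 1.1.26040.8 from this page. It assumes the Defender PowerShell module is present; the helper name `Test-DefenderVersion` is hypothetical.

```powershell
# Added example: compare local Defender component versions with this advisory's versions.
$required = [ordered]@{
    # Get-MpComputerStatus property = version taken from the advisory text
    AMProductVersion = [version]'4.18.26040.7'  # platform update listed for CVE-2026-41091
    AMEngineVersion  = [version]'1.1.26040.8'   # first engine with CVE-2026-45498 addressed
}

# Hypothetical helper: classifies one installed version string against a minimum.
function Test-DefenderVersion {
    param([string]$Installed, [version]$Minimum)
    $parsed = $null
    if (-not ([version]::TryParse($Installed, [ref]$parsed)) -or $parsed -eq [version]'0.0.0.0') {
        return 'Unknown'      # empty, malformed or all-zero value: Defender is not reporting
    }
    if ($parsed -ge $Minimum) { return 'Patched' }
    return 'Outdated'
}

try {
    $status = Get-MpComputerStatus -ErrorAction Stop
} catch {
    # Cmdlet missing or service unreachable: report it instead of assuming the host is patched.
    Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)"
    exit 2
}

$report = foreach ($property in $required.Keys) {
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Component = $property
        Installed = $status.$property
        Required  = $required[$property]
        State     = Test-DefenderVersion -Installed $status.$property -Minimum $required[$property]
    }
}
$report | Format-Table -AutoSize

# Non-zero exit lets a deployment or monitoring tool flag the endpoint.
if ($report | Where-Object State -ne 'Patched') { exit 1 }
```

The script exits 0 when both components meet the listed versions, 1 when either is outdated or unreadable, and 2 when Defender status cannot be queried at all.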


