Microsoft: Two Exploited Defender Vulnerabilities — Privilege Escalation and DoS

Colleagues, a cybersecurity alert: Microsoft confirmed exploitation of two vulnerabilities in Defender.
• Two issues: CVE‑2026‑41091 — LPE via improper symbolic link resolution (CVSS 7.8), can lead to SYSTEM takeover; CVE‑2026‑45498 — DoS (CVSS 4.0).
• Patches: fixes in Microsoft Defender Antimalware Platform 1.1.26040.8 and 4.18.26040.7; engine and definition updates are rolling out automatically.
• Actions: verify Antimalware ClientVersion and Windows Security updates; systems with Defender disabled are not vulnerable.
Why it matters: LPE to SYSTEM increases risk of complete infrastructure compromise.
How will you monitor update deployment across your estate?
#cybersecurity #MicrosoftDefender #vulnerabilities #CISA


Latest comments
No comments yet.