Microsoft has released patches for two critical vulnerabilities in its Defender software, labeled CVE-2026-41091 and CVE-2026-45498, which have been exploited in the wild as zero-days. CVE-2026-41091, rated at 7.8 on the CVSS scale, allows local privilege escalation due to improper link resolution, while CVE-2026-45498 is a denial-of-service flaw rated at 4.0. These vulnerabilities have been added to CISA's Known Exploited Vulnerabilities list, with a recommendation for federal agencies to apply patches by June 3.
Additionally, CISA confirmed in-the-wild exploitation of older vulnerabilities dating back several years, emphasizing the importance of reviewing and addressing these security issues quickly.