VulnerabilityBleeping Computer
7.8 — HIGH
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Microsoft has identified two zero-day vulnerabilities in its Defender software, CVE-2026-41091 and CVE-2026-45498, which have been exploited in attacks, posing significant risks to affected systems.
⚙️Technical Details
💥Impact Assessment
Severity: critical
Who Is at Risk
Government agencies and potentially other organizations using affected systems
🛡️Recommended Actions
1Check if Windows Defender Antimalware Platform updates and malware definitions are configured to install automatically
2Verify the update was installed by going through the steps provided in the Microsoft article
3Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable
📦Affected Products
Microsoft Malware Protection EngineMicrosoft Defender Antimalware Platform
🔐NVD Verified DataVERIFIED
CVE-2026-41091 ↗CVSS 7.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-59
Affected Products (CPE)
Microsoft Malware Protection Engine
CVE-2026-45498 ↗CVSS 7.5 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HWeaknesses
CWE-400
Affected Products (CPE)
Microsoft Defender Antimalware Platform
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.