
CISA Warns of Microsoft Defender 0-Day Vulnerabilities Exploited in Attacks

Source: Cybersecurity News. Archived May 22, 2026.



By Abinaya, May 22, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation risks.

The flaws, tracked as CVE-2026-45498 and CVE-2026-41091, impact Microsoft Defender and could allow attackers to disrupt systems or escalate privileges.

Both vulnerabilities were officially added to the KEV list on May 20, 2026, with a remediation deadline of June 3, 2026, under Binding Operational Directive (BOD) 22-01. Federal agencies and organizations using Microsoft Defender are urged to apply mitigations immediately.

Microsoft Defender Zero-Day Exploits

The first vulnerability, CVE-2026-45498, is a denial-of-service (DoS) flaw in Microsoft Defender. While the technical specifics remain limited, successful exploitation could allow attackers to disrupt Defender operations, potentially weakening endpoint protection and exposing systems to further compromise.

The second flaw, CVE-2026-41091, is a link-following vulnerability (CWE-59). This issue allows an authorized local attacker to exploit improper handling of symbolic links, leading to privilege escalation. By leveraging this flaw, attackers could gain elevated access on targeted systems, increasing the risk of lateral movement and deeper network compromise.

Although CISA has not confirmed whether these vulnerabilities are currently used in ransomware campaigns, their inclusion in the KEV catalog indicates evidence of active exploitation in real-world attacks. Security researchers warn that advanced threat actors and ransomware operators commonly employ privilege escalation and defense-evasion techniques.

The combination of a DoS vulnerability and a privilege escalation flaw in a widely deployed security product like Microsoft Defender raises concerns about defense bypass scenarios. Attackers may exploit these weaknesses to turn off protections before deploying malware or conducting post-exploitation activities.

CISA strongly advises organizations to take the following actions:

- Apply security updates and mitigations provided by Microsoft immediately.
- Follow BOD 22-01 guidelines for cloud and on-premises environments.
- Monitor systems for unusual behavior, including Defender service disruptions.
- Restrict local access privileges to minimize the risk of exploitation.
- Consider discontinuing use of affected systems if patches are unavailable.

Organizations should also review endpoint detection logs and investigate anomalies that may indicate attempted exploitation.

The discovery of actively exploited vulnerabilities in security software highlights an ongoing challenge in cybersecurity: attackers increasingly target defensive tools themselves. Exploiting such tools can provide a stealthy pathway to bypass detection and maintain persistence.

Security teams are encouraged to adopt a layered defense strategy that combines endpoint protection with behavioral monitoring, threat intelligence, and rapid patch management. As threat actors continue to evolve their tactics, timely vulnerability remediation remains critical to reducing attack surfaces and preventing breaches.
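The advice above to monitor for Defender service disruptions can be turned into a simple triage rule. The following is an added example, not part of the original article or any CISA or Microsoft tooling: it flags hosts where a Defender service terminated unexpectedly several times in a short window, using Service Control Manager event IDs 7031 and 7034. The record layout, the "Defender" name match, the window and the threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Service Control Manager (System log) IDs for "service terminated unexpectedly".
SCM_CRASH_IDS = {7031, 7034}
WINDOW = timedelta(minutes=30)  # assumption: tune per environment
THRESHOLD = 2                   # assumption: crashes inside WINDOW that warrant review

# Constructed sample records (host, time, event id, service display name),
# shaped like an export of System log events; not real telemetry.
SAMPLE_EVENTS = [
    ("ws-014", "2026-05-21T09:02:11", 7031, "Microsoft Defender Antivirus Service"),
    ("ws-014", "2026-05-21T09:05:40", 7031, "Microsoft Defender Antivirus Service"),
    ("ws-014", "2026-05-21T09:06:02", 7036, "Microsoft Defender Antivirus Service"),
    ("ws-014", "2026-05-21T09:19:03", 7034, "Microsoft Defender Antivirus Service"),
    ("ws-022", "2026-05-21T11:00:00", 7031, "Microsoft Defender Antivirus Service"),
    ("ws-030", "2026-05-21T10:01:00", 7031, "Print Spooler"),
    ("ws-030", "2026-05-21T10:03:00", 7031, "Print Spooler"),
    ("ws-041", "2026-05-21T08:00:00", 7034, "Microsoft Defender Antivirus Service"),
    ("ws-041", "2026-05-21T11:00:00", 7034, "Microsoft Defender Antivirus Service"),
]


def defender_crashes(events):
    """Keep unexpected-termination events whose service name mentions Defender."""
    return [e for e in events
            if e[2] in SCM_CRASH_IDS and "defender" in e[3].lower()]


def hosts_to_investigate(events, window=WINDOW, threshold=THRESHOLD):
    """Return {host: max crashes seen inside any sliding window} for hosts at or over threshold."""
    by_host = defaultdict(list)
    for host, ts, _id, _svc in defender_crashes(events):
        by_host[host].append(datetime.fromisoformat(ts))
    alerts = {}
    for host, times in by_host.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink window from the left
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[host] = best
    return alerts


if __name__ == "__main__":
    for host, count in hosts_to_investigate(SAMPLE_EVENTS).items():
        print(f"{host}: {count} unexpected Defender terminations within {WINDOW}")
```

A single crash (ws-022) or crashes hours apart (ws-041) stay below the threshold, which keeps the rule quiet during ordinary update restarts while still surfacing repeated disruption on one host.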