CISA Warns of Microsoft Defender 0-Day Vulnerabilities Exploited in Attacks
By Abinaya
May 22, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Microsoft Defender vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation risks.
The flaws, tracked as CVE-2026-45498 and CVE-2026-41091, impact Microsoft Defender and could allow attackers to disrupt systems or escalate privileges.
Both vulnerabilities were officially added to the KEV list on May 20, 2026, with a remediation deadline of June 3, 2026, under Binding Operational Directive (BOD) 22-01.
Federal agencies and organizations using Microsoft Defender are urged to apply mitigations immediately.
Microsoft Defender Zero-Day Exploits
The first vulnerability, CVE-2026-45498, is a denial-of-service (DoS) flaw in Microsoft Defender.
While the technical specifics remain limited, successful exploitation could allow attackers to disrupt Defender operations, potentially weakening endpoint protection and exposing systems to further compromise.
The second flaw, CVE-2026-41091, is a link-following vulnerability (CWE-59). This issue allows an authorized local attacker to exploit improper handling of symbolic links, leading to privilege escalation.
By leveraging this flaw, attackers could gain elevated access on targeted systems, increasing the risk of lateral movement and deeper network compromise.
Although CISA has not confirmed whether these vulnerabilities are currently used in ransomware campaigns, their inclusion in the KEV catalog indicates evidence of active exploitation in real-world attacks.
Security researchers warn that advanced threat actors and ransomware operators commonly employ privilege escalation and defense-evasion techniques.
The combination of a DoS vulnerability and a privilege escalation flaw in a widely deployed security product like Microsoft Defender raises concerns about defense bypass scenarios.
Attackers may exploit these weaknesses to turn off protections before deploying malware or conducting post-exploitation activities.
CISA strongly advises organizations to take the following actions:
Apply security updates and mitigations provided by Microsoft immediately.
Follow BOD 22-01 guidelines for cloud and on-premises environments.
Monitor systems for unusual behavior, including Defender service disruptions.
Restrict local access privileges to minimize the risk of exploitation.
Consider discontinuing use of affected systems if patches are unavailable.
Organizations should also review endpoint detection logs and investigate anomalies that may indicate attempted exploitation.
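One way to carry out the monitoring and log-review steps above on a Windows endpoint, as an added example that is not from the original article or from CISA or Microsoft guidance. The choice of event IDs, the 24-hour lookback and the exit-code convention are assumptions made for this example.

```powershell
# Added example: triage a Windows host for Defender service disruption.
# Assumptions: run elevated on the endpoint; the 24-hour lookback is arbitrary.
$since = (Get-Date).AddHours(-24)

# 1. Current state of the Defender service and its protection components.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
$mp  = Get-MpComputerStatus -ErrorAction SilentlyContinue

$state = [pscustomobject]@{
    ServiceStatus      = if ($svc) { $svc.Status } else { 'NotFound' }
    AMServiceEnabled   = $mp.AMServiceEnabled
    AntivirusEnabled   = $mp.AntivirusEnabled
    RealTimeProtection = $mp.RealTimeProtectionEnabled
    PlatformVersion    = $mp.AMProductVersion
    EngineVersion      = $mp.AMEngineVersion
    SignatureUpdated   = $mp.AntivirusSignatureLastUpdated
}
$state | Format-List

# 2. Defender operational events that indicate failure or tampering:
#    3002 real-time protection failed, 5001 real-time protection disabled,
#    5007 configuration changed, 5008 engine failed.
$defenderEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 3002, 5001, 5007, 5008
    StartTime = $since
} -ErrorAction SilentlyContinue

# 3. Service Control Manager events for unexpected service termination
#    (7031, 7034), narrowed to Defender services by message text.
$scmEvents = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7031, 7034
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Defender' }

# 4. One chronological view of both sources for the analyst.
@($defenderEvents) + @($scmEvents) |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName,
        @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap

# Non-zero exit lets a scheduler or management agent raise an alert.
if ($state.ServiceStatus -ne 'Running' -or -not $state.RealTimeProtection -or $scmEvents) { exit 1 }
```

Compare the reported platform and engine versions against the fixed versions listed in Microsoft's advisories for the two CVEs; the article does not state them.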
The discovery of actively exploited vulnerabilities in security software highlights an ongoing challenge in cybersecurity: attackers increasingly target defensive tools themselves.
Exploiting such tools can provide a stealthy pathway to bypass detection and maintain persistence.
Security teams are encouraged to adopt a layered defense strategy that combines endpoint protection with behavioral monitoring, threat intelligence, and rapid patch management.
As threat actors continue to evolve their tactics, timely vulnerability remediation remains critical to reducing attack surfaces and preventing breaches.