Microsoft Patches Active Defender Zero Day Vulnerabilities - SQ Magazine

Vulnerabilities & CVEs · Jun 24, 2026


Microsoft has released emergency security updates for two actively exploited zero day vulnerabilities affecting Microsoft Defender, prompting urgent warnings from cybersecurity agencies and security researchers.

Quick Summary – TLDR

Microsoft patched two zero day flaws affecting Microsoft Defender and related security products. One vulnerability could allow attackers to gain SYSTEM level privileges. The second flaw could trigger denial of service attacks on vulnerable devices. CISA added both vulnerabilities to its Known Exploited Vulnerabilities catalog and ordered federal agencies to patch systems by June 3.

What Happened?

Microsoft has rolled out emergency fixes for two security flaws in Microsoft Defender that attackers are already exploiting in real world attacks. The vulnerabilities affect core Defender components used across Windows systems and enterprise security environments.

The flaws, tracked as CVE-2026-41091 and CVE-2026-45498, impact the Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform. Security experts say the bugs could allow attackers to gain powerful system access or disrupt security operations on targeted devices.

Embedded tweet:

"🚨 Microsoft warns two Defender vulnerabilities are being actively exploited in the wild. https://t.co/zWPNKTIidF
🔸 CVE-2026-41091 could allow attackers to gain SYSTEM privileges locally.
🔸 CVE-2026-45498 is a denial-of-service flaw impacting Defender.
CISA added both to KEV… pic.twitter.com/S2PQ9D2fch"
— The Hacker News (@TheHackersNews) May 21, 2026

Microsoft Confirms Active Exploitation

The first vulnerability, CVE-2026-41091, is an elevation of privilege flaw caused by improper link resolution before file access. Microsoft said the issue affects Microsoft Malware Protection Engine version 1.1.26030.3008 and earlier. If successfully exploited, attackers can gain SYSTEM privileges, giving them deep control over affected Windows devices.

Because Microsoft Defender operates with elevated permissions, security researchers warn that exploitation could allow attackers to bypass protections, manipulate files, or execute malicious actions with full system access. Microsoft fixed the issue in Malware Protection Engine version 1.1.26040.8.

The second vulnerability, CVE-2026-45498, is a denial of service flaw affecting Microsoft Defender Antimalware Platform version 4.18.26030.3011 and earlier. The issue was patched in platform version 4.18.26040.7. Unlike the first vulnerability, this flaw does not enable remote code execution. However, attackers could still abuse it to crash systems or disrupt enterprise security operations.

Wider Impact on Microsoft Security Products

Microsoft confirmed that the affected antimalware platform is also used by several older Microsoft security products, including:

Microsoft Security Essentials
Microsoft System Center Endpoint Protection
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 R2 Endpoint Protection

The company noted that systems with Microsoft Defender disabled are not vulnerable to exploitation, even if Defender files remain present on the device.

Links to Public Exploit Research

Security researcher Fabian Bader said the newly patched flaws are related to the publicly disclosed BlueHammer exploit released by researcher Chaos Eclipse last month. According to Bader, the vulnerabilities are variants known as UnDefend and RedSun, both connected to the wider BlueHammer attack technique that has already been seen in active attacks.

Microsoft has not publicly shared details about the attackers or how widespread the exploitation currently is.

CISA Adds Vulnerabilities to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency, better known as CISA, has added both flaws to its Known Exploited Vulnerabilities catalog. Federal agencies are required to secure affected systems by June 3 under current federal remediation guidelines.

CISA warned that vulnerabilities affecting security software are especially dangerous because they often run with elevated privileges inside enterprise environments. The agency also encouraged private organizations to review the KEV catalog and prioritize patching systems vulnerable to active attacks.

Busy Week for Microsoft Security Teams

The Defender zero days arrive during an intense week for Microsoft security teams. The company has already faced multiple security incidents and vulnerability disclosures in recent days.

Microsoft Exchange administrators were recently warned about another active zero day exploit requiring emergency mitigation. At the same time, researchers at the Pwn2Own Berlin hacking event uncovered several new Windows vulnerabilities, while Microsoft also continued investigating attacks linked to the YellowKey exploit and the Storm 2949 threat group targeting Microsoft 365 and Azure customers.

With attackers increasingly targeting security products themselves, experts say organizations should verify that Defender platform updates and malware definitions are installing correctly across all Windows environments.

SQ Magazine Takeaway

I think this incident shows how dangerous modern attacks have become. Attackers are no longer just targeting apps or browsers. They are now going directly after security software that already has deep system access. That makes these vulnerabilities especially serious for businesses and government agencies. Microsoft moved quickly with patches, but this is another reminder that security tools themselves can become high value attack targets if updates are delayed.
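The article's closing advice is to verify that the Defender engine, platform and definitions are actually updating. As an added example (not code from the SQ Magazine article, Microsoft, or any of the researchers named), the PowerShell below compares a host's reported versions with the fixed versions the article cites (engine 1.1.26040.8 for CVE-2026-41091, platform 4.18.26040.7 for CVE-2026-45498), treats a host with Defender disabled as not exposed, as the article states, and flags stale definitions as a sign that the update channel is broken. It uses the Defender module's Get-MpComputerStatus and Update-MpSignature cmdlets; the constructed sample status object, the host list and the two-day signature-age threshold are assumptions for illustration.

```powershell
# Added example, not from the article or from Microsoft: compare a host's Defender
# engine/platform versions with the fixed versions the article reports.
# The fixed versions come from the article; the sample object, the host list and
# the two-day signature-age threshold are assumptions for illustration.
$FixedEngineVersion   = [version]'1.1.26040.8'   # fix for CVE-2026-41091 (Malware Protection Engine)
$FixedPlatformVersion = [version]'4.18.26040.7'  # fix for CVE-2026-45498 (Antimalware Platform)

function Test-DefenderPatchState {
    param(
        # Output of Get-MpComputerStatus (or any object with the same property names)
        [Parameter(Mandatory)] $Status,
        [string] $ComputerName = $env:COMPUTERNAME
    )

    # Per the article, a host with Defender disabled is not exposed even if the
    # Defender files are still on disk, so report that and stop.
    if (-not $Status.AntivirusEnabled) {
        return [pscustomobject]@{
            ComputerName = $ComputerName
            Exposed      = $false
            Engine       = $Status.AMEngineVersion
            Platform     = $Status.AMProductVersion
            Reason       = 'Defender antivirus disabled; not vulnerable per Microsoft'
        }
    }

    $engine   = [version]$Status.AMEngineVersion
    $platform = [version]$Status.AMProductVersion
    $problems = @()
    if ($engine -lt $FixedEngineVersion) {
        $problems += "engine $engine is below $FixedEngineVersion (CVE-2026-41091)"
    }
    if ($platform -lt $FixedPlatformVersion) {
        $problems += "platform $platform is below $FixedPlatformVersion (CVE-2026-45498)"
    }
    # Old definitions suggest the update channel itself is failing, which is the
    # condition the article tells administrators to check for.
    $sigAgeDays = ((Get-Date) - $Status.AntivirusSignatureLastUpdated).TotalDays
    if ($sigAgeDays -gt 2) {
        $problems += ('signatures last updated {0:N0} days ago' -f $sigAgeDays)
    }

    [pscustomobject]@{
        ComputerName = $ComputerName
        Exposed      = ($problems.Count -gt 0)
        Engine       = $engine
        Platform     = $platform
        Reason       = if ($problems.Count) { $problems -join '; ' } else { 'engine and platform at or above fixed versions' }
    }
}

# Constructed sample (not a real host): platform already fixed, engine still on
# the last affected build named in the article.
$sample = [pscustomobject]@{
    AntivirusEnabled              = $true
    AMEngineVersion               = '1.1.26030.3008'
    AMProductVersion              = '4.18.26040.7'
    AntivirusSignatureLastUpdated = (Get-Date).AddHours(-6)
}
Test-DefenderPatchState -Status $sample -ComputerName 'SAMPLE-HOST' | Format-List

# Live check across a fleet. The host list is an assumption; replace it with your own
# inventory source (for example Get-ADComputer).
$hosts = @($env:COMPUTERNAME)
$report = foreach ($h in $hosts) {
    $status = if ($h -eq $env:COMPUTERNAME) { Get-MpComputerStatus } else { Invoke-Command -ComputerName $h -ScriptBlock { Get-MpComputerStatus } }
    Test-DefenderPatchState -Status $status -ComputerName $h
}
$report | Format-Table ComputerName, Exposed, Engine, Platform, Reason -AutoSize

# Remediation on the local host: Update-MpSignature pulls security intelligence
# updates, which carry engine updates. Platform updates arrive through Windows
# Update, so an old platform version means the Windows Update channel needs checking too.
if (($report | Where-Object ComputerName -eq $env:COMPUTERNAME).Exposed) {
    Update-MpSignature
    Test-DefenderPatchState -Status (Get-MpComputerStatus) | Format-List
}
```

Run in an elevated session on a host with the Defender module present. The constructed sample is reported as exposed for the engine only, since its platform version already equals the fixed build and its definitions are a few hours old; on a real fleet, a host that keeps failing the check after Update-MpSignature is the one whose update path deserves attention.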