Exploited Microsoft Defender Flaws Prompt Urgent Fix

Microsoft patches two actively exploited Defender flaws; CISA mandates urgent updates.

  • Two actively exploited vulnerabilities in Microsoft Defender, CVE-2026-41091 and CVE-2026-45498, have been patched, according to an advisory dated May 21, 2026.
  • The flaws, a privilege escalation bug and a denial-of-service issue, require immediate patching as they have been added to the CISA Known Exploited Vulnerabilities catalog.
  • These are part of a recent wave of exploited Microsoft vulnerabilities, including a separate Exchange Server bug disclosed the previous week.
  • Federal agencies have been mandated to apply fixes for these and several other older, critical vulnerabilities by June 3, 2026.

Microsoft disclosed on May 21, 2026, that two critical vulnerabilities in its Defender security software are being actively weaponized in real-world attacks. The company urgently addressed a privilege escalation flaw and a denial-of-service bug, according to its security advisory.

Tracked as CVE-2026-41091, the privilege escalation flaw could allow an attacker to gain SYSTEM privileges. The second vulnerability, CVE-2026-45498, is a less severe denial-of-service issue specifically impacting Defender.

Consequently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added both defects to its Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch agencies must now apply the provided fixes by June 3, 2026.

This marks three exploited Microsoft vulnerabilities within a single week. Last week, the company also disclosed an exploited cross-site scripting flaw in on-premises Exchange Server, tracked as CVE-2026-42897.

The latest CISA update also included four other high-severity, historical Microsoft flaws. These older vulnerabilities, such as CVE-2010-0806 in Internet Explorer and CVE-2008-4250 in Windows Server Service, still pose significant remote code execution risks.
