CISA Warns of Exploited Microsoft Defender 0-Day Flaws

CISA added two actively exploited Microsoft Defender vulnerabilities (CVE-2026-45498 — a DoS that can render Defender inoperative; CVE-2026-41091 — a link-following local privilege escalation) to its KEV catalog and issued a binding remediation directive requiring federal agencies to apply vendor mitigations or discontinue use by June 3, 2026. The report outlines attack scenarios, potential use in ransomware playbooks, and recommends immediate patching, auditing for symbolic-link manipulation, and monitoring Defender health and telemetry.