Hackers Exploit Microsoft Defender 0-Day Flaws To Launch Active Attacks

Microsoft confirmed a zero-day (CVE-2026-41091) in the Microsoft Malware Protection Engine (mpengine.dll) that allows a local attacker to escalate to SYSTEM privileges by abusing improper link resolution (CWE-59). Exploits are publicly disclosed and observed in the wild; Microsoft released a patch on May 19, 2026 (engine version 1.1.26040.8) and recommends verifying automatic updates and auditing engine versions.