Microsoft warns of new Defender zero-days exploited in attacks

Microsoft released patches for two actively exploited Microsoft Defender zero-day vulnerabilities — CVE-2026-41091 (privilege escalation to SYSTEM via improper link resolution) and CVE-2026-45498 (Denial-of-Service in the Defender Antimalware Platform). Customers are advised to ensure automatic updates are enabled and verify updated Malware Protection Engine/Antimalware Platform versions; CISA added both issues to its KEV catalog and mandated federal agencies remediate under BOD 22-01.