Microsoft Defender vulnerabilities are being exploited in the wild

Two Microsoft Defender vulnerabilities (CVE-2026-41091 — elevation of privilege, CVSS 7.8; and CVE-2026-45498 — denial-of-service, CVSS 4.0) were added to CISA’s Known Exploited Vulnerabilities catalog and are being actively exploited; administrators should apply the Defender platform update (first fixed in 4.18.26040.7) and ensure Windows Update and Defender intelligence/platform updates are enabled.