2 New Microsoft Defender Zero-Days Exploited—Patch Now Rolling Out
Microsoft is issuing an emergency update for its Defender security software following confirmation from CISA that two zero-day vulnerabilities are actively being exploited. One vulnerability, CVE-2026-41091, allows for privilege escalation within the Microsoft Malware Protection Engine. The second, CVE-2026-45498, is a denial-of-service vulnerability affecting the Microsoft Defender Antimalware Platform and related products. CISA has mandated that federal agencies implement mitigation measures by June 3. AI
IMPACT This incident highlights ongoing cybersecurity risks for AI infrastructure and enterprise software, necessitating prompt patching to prevent breaches.