{“lastseen”:”2026-05-21T18:05:08″,”description”:”Two Microsoft Defender vulnerabilities are being actively exploited in the wild.\\n\\nOn May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog tracks vulnerabilities known to be exploited in the wild and sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies.\\n\\nFive of the added vulnerabilities are quite old by vulnerability standards. Patches were released in 2008, 2009, and 2010. But the Microsoft Defender vulnerabilities are from this year. Those two are:\\n\\n * CVE\u20112026\u201141091 (CVSS score 7.8 out of 10): a Microsoft Defender elevation of privilege vulnerability. A local attacker who already has some access to a machine can abuse Defender to gain SYSTEM\u2011level permissions, effectively giving them full control over Windows.\\n * CVE\u20112026\u201145498 (CVSS score 4.0 out of 10): a Microsoft Defender denial\u2011of\u2011service vulnerability. Here, an attacker can interfere with Defender in a way that disrupts its normal operation. If attackers can crash or disable your antivirus engine on demand, they can create a safer environment for their malware to run undetected.\\n\\n\\n\\nYou should take patching these vulnerabilities seriously if:\\n\\n * You rely on Microsoft Defender as your primary endpoint protection\\n * You manage Windows systems in a business, school, or local government environment\\n * You have shared machines, terminal servers, or any environment where multiple users log on to the same system\\n\\n\\n\\nAs you\u2019d expect from us, we don\u2019t advise relying on Windows Defender alone. There are better options available, and they are not mutually exclusive.\\n\\n## How to patch\\n\\nSecurity products are software, and software has bugs. When those bugs end up in a list of known exploited vulnerabilities, ignoring them is like leaving your front door open because \u201cthe alarm will catch anyone coming in.\u201d \\n\\nMake sure Windows Update is enabled and set to receive updates for Microsoft products. Defender platform updates are often delivered alongside regular cumulative updates.\\n\\nAlso check that recent Microsoft Defender security intelligence and platform updates are installed.\\n\\nThe first version of the Microsoft Defender Antimalware Platform with these vulnerabilities addressed is 4.18.26040.7.\\n\\nYou can usually find that version number in **Windows Security** :\\n\\n 1. Open **Start** and search for **Windows Security**\\n 2. Go to **Virus \\u0026 threat protection**\\n 3. Click **Settings** or the **gear icon**\\n 4. Open **About**\\n\\n\\n\\nEven with auto-update enabled, I didn’t receive this patch immediately. Defender platform updates can lag behind definitions or only appear when a cumulative Windows update lands. Microsoft typically releases updates for the Microsoft Defender Antimalware Platform once a month, or as needed to protect against new threats. \\n\\nSo, I’ll have to wait. Good thing I’m protected.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2026-05-21T17:36:52″,”modified”:”2026-05-21T17:36:52″,”type”:”malwarebytes”,”title”:”Microsoft Defender vulnerabilities are being exploited in the wild”,”source”:””,”references”:””,”id”:”MALWAREBYTES:773D36307511D19C8738B00ECD7EC474″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-41091″,”CVE-2026-45498″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:7.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/bugs\/2026\/05\/microsoft-defender-vulnerabilities-are-being-exploited-in-the-wild”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-21T18:05:08″,”description”:”Two Microsoft Defender vulnerabilities are being actively exploited in the wild.\\n\\nOn May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable set…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,28,12,15,115,13,7,11,5],"class_list":["post-56154","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-78","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n