Microsoft Defender Multiple Vulnerabilities
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Microsoft Defender. Attacker could exploit some of these vulnerabilities to trigger remote code execution, denial of service condition and elevation of privilege on the targeted system.
Note:
CVE-2026-45498 is being exploited in the wild. Microsoft Defender contains an unspecified vulnerability that allows for denial of service.
CVE-2026-41091 is being exploited in the wild. Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Hence, the risk level is rated as High Risk.
[Updated on 2026-05-26]
Updated Description, Impact, Solutions, Vulnerability Identifier and Related Links.
Impact
- Denial of Service
- Elevation of Privilege
- Remote Code Execution
System / Technologies affected
- Microsoft Malware Protection Engine
Solutions
Before installation of the software, please visit the software vendor web-site for more details.
Apply fixes issued by the vendor:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584
Vulnerability Identifier
Source
- Microsoft
- https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog
Related Link
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45584
- https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog
Related Tags
Share with