Microsoft Defender Zero‑Day Vulnerabilities Actively Exploited, Critical Patches Deployed
What Happened — Microsoft began rolling out emergency patches for two zero‑day flaws in its Defender suite (CVE‑2026‑41091 and CVE‑2026‑45498) that were already being weaponised in the wild. The first flaw allows privilege escalation to SYSTEM via improper link resolution; the second can trigger denial‑of‑service on unpatched Windows devices. The U.S. CISA added both to its Known Exploited Vulnerabilities (KEV) catalog and issued a binding directive for federal agencies to remediate by June 3.
Why It Matters for TPRM
- Endpoint protection is a foundational control for virtually every third‑party relationship; a compromised defender defeats that control.
- Active exploitation means attackers can gain full system rights or disrupt services before you know it, increasing breach risk across the supply chain.
- Regulatory mandates (CISA BOD 22‑01) may translate into contractual compliance requirements for vendors handling government data.
Who Is Affected — All industries that rely on Windows endpoints, including technology/SaaS providers, MSP/MSSP customers, cloud‑hosted workloads, and any organization using Microsoft Defender or System Center Endpoint Protection.
Recommended Actions
- Verify that every Windows endpoint and server has the latest Defender versions (Malware Protection Engine 1.1.26040.8, Antimalware Platform 4.18.26040.7).
- Ensure automatic definition and platform updates are enabled; audit the “About” screen to confirm version numbers.
- Update third‑party risk registers to reflect the new vulnerability and confirm that any vendors managing Windows endpoints have applied the patches.
- Review incident‑response playbooks for potential privilege‑escalation or DoS scenarios stemming from these flaws.
Technical Notes —
- Attack vector: Vulnerability exploit (improper link resolution, privilege escalation, DoS).
- CVEs: CVE‑2026‑41091 (privilege escalation) and CVE‑2026‑45498 (DoS).
- Affected components: Microsoft Malware Protection Engine ≤ 1.1.26030.3008; Microsoft Defender Antimalware Platform ≤ 4.18.26030.3011 (including System Center Endpoint Protection and Security Essentials).
- Mitigation: Deploy updated engine versions 1.1.26040.8 and 4.18.26040.7; verify auto‑update settings.
- Source: BleepingComputer