HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Microsoft Defender Zero-Day Vulnerabilities Actively Exploited, Critical Patches Deployed

Microsoft disclosed two zero‑day flaws in Defender that are already being weaponised in the wild. The vulnerabilities enable SYSTEM‑level privilege escalation or denial‑of‑service, prompting urgent patches and a CISA directive for federal remediation. Third‑party risk managers must verify that all Windows endpoints in their supply chain are fully patched.

LiveThreat™ Intelligence · 📅 May 21, 2026· 📰 bleepingcomputer.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
bleepingcomputer.com

Microsoft Defender Zero‑Day Vulnerabilities Actively Exploited, Critical Patches Deployed

What Happened — Microsoft began rolling out emergency patches for two zero‑day flaws in its Defender suite (CVE‑2026‑41091 and CVE‑2026‑45498) that were already being weaponised in the wild. The first flaw allows privilege escalation to SYSTEM via improper link resolution; the second can trigger denial‑of‑service on unpatched Windows devices. The U.S. CISA added both to its Known Exploited Vulnerabilities (KEV) catalog and issued a binding directive for federal agencies to remediate by June 3.

Why It Matters for TPRM

  • Endpoint protection is a foundational control for virtually every third‑party relationship; a compromised defender defeats that control.
  • Active exploitation means attackers can gain full system rights or disrupt services before you know it, increasing breach risk across the supply chain.
  • Regulatory mandates (CISA BOD 22‑01) may translate into contractual compliance requirements for vendors handling government data.

Who Is Affected — All industries that rely on Windows endpoints, including technology/SaaS providers, MSP/MSSP customers, cloud‑hosted workloads, and any organization using Microsoft Defender or System Center Endpoint Protection.

Recommended Actions

  • Verify that every Windows endpoint and server has the latest Defender versions (Malware Protection Engine 1.1.26040.8, Antimalware Platform 4.18.26040.7).
  • Ensure automatic definition and platform updates are enabled; audit the “About” screen to confirm version numbers.
  • Update third‑party risk registers to reflect the new vulnerability and confirm that any vendors managing Windows endpoints have applied the patches.
  • Review incident‑response playbooks for potential privilege‑escalation or DoS scenarios stemming from these flaws.

Technical Notes

  • Attack vector: Vulnerability exploit (improper link resolution, privilege escalation, DoS).
  • CVEs: CVE‑2026‑41091 (privilege escalation) and CVE‑2026‑45498 (DoS).
  • Affected components: Microsoft Malware Protection Engine ≤ 1.1.26030.3008; Microsoft Defender Antimalware Platform ≤ 4.18.26030.3011 (including System Center Endpoint Protection and Security Essentials).
  • Mitigation: Deploy updated engine versions 1.1.26040.8 and 4.18.26040.7; verify auto‑update settings.
  • Source: BleepingComputer
📰 Original Source
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-new-defender-zero-days-exploited-in-attacks/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →