CISA flags actively exploited Microsoft Defender flaws

CISA flags actively exploited Microsoft Defender flaws

CISA added two Microsoft Defender vulnerabilities to the KEV catalog: CVE-2026-45498, an unspecified flaw that can trigger a denial-of-service condition, and CVE-2026-41091, a link-following issue enabling local privilege escalation by a low-privileged authorized attacker. Federal agencies were ordered to remediate by June 3, 2026, or stop using affected products if fixes are unavailable.

The pairing is operationally significant because it targets the security stack itself: one flaw can disrupt endpoint protection, the other can raise access on a compromised host. CISA says the directive also applies to cloud-hosted Defender deployments, widening the patching priority beyond traditional on-prem environments.

️ Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"