
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)

Category: Vulnerability · Happening score: 39 · 2 unique sources, 2 articles

Summary


Microsoft began rolling out fixes for CVE-2026-41091 and CVE-2026-45498, two actively exploited zero-days in Microsoft Defender components on unpatched Windows systems. CVE-2026-41091 is a link-following weakness (improper link resolution before file access) in the Microsoft Malware Protection Engine that can let an attacker elevate to SYSTEM privileges. CVE-2026-45498 can trigger denial-of-service conditions in the Microsoft Defender Antimalware Platform and related endpoint protection products.

Related Happenings

Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)

Advisory/Mitigation
First: 20.05.2026 10:31 Last: 20.05.2026 10:31 Sources 1

About this happening: Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...

CISA KEV order for BlueHammer patching

Public Sector Action
First: 23.04.2026 14:05 Last: 23.04.2026 14:05 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...

Storm-1175 high-tempo Medusa ransomware campaign

Campaign
First: 07.04.2026 13:02 Last: 07.04.2026 13:02 Sources 1

About this happening: **Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...

Storm-1175 high-velocity exploit campaign

Campaign
First: 06.04.2026 19:56 Last: 06.04.2026 19:56 Sources 1

About this happening: **Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...

CISA KEV multi-product active exploitation wave (CVE-2020-7796)

Exploitation Wave
First: 18.02.2026 08:52 Last: 18.02.2026 08:52 Sources 1

About this happening: **CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...

Timeline

  1. 21.05.2026 10:49 2 articles · 6d ago

    Microsoft rolls out patches for two Defender zero-days

    Mitigation Patch Update

    Microsoft starts rolling out security patches for CVE-2026-41091 and CVE-2026-45498, two Microsoft Defender zero-days affecting Microsoft Malware Protection Engine 1.1.26030.3008 and earlier and Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier; the fixes include Malware Protection Engine versions 1.1.26040.8 and 4.18.26040.7.

  2. 21.05.2026 10:49 3 articles · 6d ago

    CISA adds the Defender zero-days to KEV and orders remediation

    Legal Policy Action Update

    CISA adds CVE-2026-41091 and CVE-2026-45498 to its Known Exploited Vulnerabilities (KEV) Catalog and orders Federal Civilian Executive Branch (FCEB) agencies to secure Windows endpoints and servers within two weeks, by June 3, under Binding Operational Directive (BOD) 22-01, citing active exploitation in the wild.

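The timeline gives the affected and fixed engine/platform versions; the following is an added PowerShell check (not from the original page or from Microsoft) that reads the locally installed Defender versions with the built-in `Get-MpComputerStatus` cmdlet and compares them against those thresholds. It assumes, from the version format of the affected-product list, that `1.1.26040.8` is the fixed Malware Protection Engine and `4.18.26040.7` the fixed Antimalware Platform.

```powershell
# Added example, not part of the original page. Fixed versions are taken from the
# timeline entry above; the engine/platform split is an assumption based on the
# version format used in the affected-product list.
$fixedEngine   = [version]'1.1.26040.8'   # Malware Protection Engine (assumed)
$fixedPlatform = [version]'4.18.26040.7'  # Antimalware Platform (assumed)

function Test-DefenderPatchState {
    param(
        [Parameter(Mandatory)][version]$EngineVersion,
        [Parameter(Mandatory)][version]$PlatformVersion
    )
    # Compare as [version], not as strings: a string comparison would rank
    # "1.1.26030.3008" above "1.1.26040.8" because "3" > "0" at the 9th character.
    [pscustomobject]@{
        EngineVersion   = $EngineVersion
        EnginePatched   = ($EngineVersion -ge $fixedEngine)
        PlatformVersion = $PlatformVersion
        PlatformPatched = ($PlatformVersion -ge $fixedPlatform)
    }
}

# AMEngineVersion and AMProductVersion are the engine and platform versions
# reported by the Defender cmdlet on the local host.
$status = Get-MpComputerStatus
$result = Test-DefenderPatchState -EngineVersion $status.AMEngineVersion `
                                  -PlatformVersion $status.AMProductVersion
$result | Format-List

if (-not ($result.EnginePatched -and $result.PlatformPatched)) {
    Write-Warning 'Defender engine or platform is below the fixed version; update before the KEV due date (June 3).'
    exit 1
}
```

The non-zero exit code makes the check usable from a fleet script (for example via `Invoke-Command`) to list hosts still running the vulnerable versions.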