Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform versions reported in the disclosures. Both vulnerabilities were described as exploited in the wild. CVE-2026-41091 is a local privilege-escalation flaw, while CVE-2026-45498 is a denial-of-service issue. CISA added both to its Known Exploited Vulnerabilities catalog and urged federal agencies to patch by June 3.
Related Happenings
Pretalx version 2026.1.0 security update for CVE-2026-41241
Security Patch Release
First: 27.05.2026 17:30
Last: 27.05.2026 17:30
Sources 1
About this happening:
**Pretalx** released **version 2026.1.0** to patch **CVE-2026-41241**, a **stored XSS** flaw that could compromise organizer accounts in conference deployments. The update closes...
Pretalx version 2026.1.0 security update for CVE-2026-41241
Security Patch ReleaseAbout this happening: **Pretalx** released **version 2026.1.0** to patch **CVE-2026-41241**, a **stored XSS** flaw that could compromise organizer accounts in conference deployments. The update closes...
Microsoft security patch release for CVE-2026-45659
Security Patch Release
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft security patch release for CVE-2026-45659
Security Patch ReleaseAbout this happening: Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch ReleaseAbout this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
About this happening:
Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/MitigationAbout this happening: Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Timeline
-
21.05.2026 12:52 3 articles · 6d ago
Microsoft patches exploited Defender zero-days and CISA adds them to KEV
Initial DisclosureMicrosoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Show sources
- Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days — www.securityweek.com — 21.05.2026 12:52
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities — thehackernews.com — 21.05.2026 13:55
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities — thehackernews.com — 21.05.2026 13:55
-
21.05.2026 10:49 2 articles · 6d ago
Microsoft rolls out patches for exploited Defender zero-days
Mitigation Patch UpdateMicrosoft started rolling out fixes for CVE-2026-41091 in Microsoft Malware Protection Engine 1.1.26030.3008 and earlier and CVE-2026-45498 in Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier after zero-day exploitation affected unpatched Windows devices; CISA also added both vulnerabilities to the KEV Catalog and ordered Federal Civilian Executive Branch agencies to secure Windows endpoints and servers within two weeks, by June 3, under Binding Operational Directive (BOD) 22-01.
Show sources
- Microsoft warns of new Defender zero-days exploited in attacks — www.bleepingcomputer.com — 21.05.2026 10:49
- Microsoft warns of new Defender zero-days exploited in attacks — www.bleepingcomputer.com — 21.05.2026 10:49