Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected Microsoft Malware Protection Engine and Microsoft Defender Antimalware Platform versions reported in the disclosures. Both vulnerabilities were described as exploited in the wild. CVE-2026-41091 is a local privilege-escalation flaw, while CVE-2026-45498 is a denial-of-service issue. CISA added both to its Known Exploited Vulnerabilities catalog and urged federal agencies to patch by June 3.
Related Happenings
Citrix security patch release for CVE-2026-13474
Security Patch Release
H score35
First: 01.07.2026 06:54
Last: 01.07.2026 06:54
Sources 1
About this happening:
**Citrix** released security updates for **NetScaler ADC** and **NetScaler Gateway** to fix **six vulnerabilities** that could enable **arbitrary file reads** or **denial of servi...
Citrix security patch release for CVE-2026-13474
Security Patch ReleaseAbout this happening: **Citrix** released security updates for **NetScaler ADC** and **NetScaler Gateway** to fix **six vulnerabilities** that could enable **arbitrary file reads** or **denial of servi...
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation Wave
H score41
First: 30.06.2026 11:53
Last: 30.06.2026 11:53
Sources 1
About this happening:
CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation WaveAbout this happening: CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch Release
H score34
First: 26.06.2026 14:51
Last: 26.06.2026 14:51
Sources 1
About this happening:
**Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Linux kernel maintainers security patch release for CVE-2026-43503
Security Patch ReleaseAbout this happening: **Linux kernel** merged and shipped the **DirtyClone** security fix for **CVE-2026-43503**, closing a **CVSS 8.8** local privilege-escalation path that could let affected systems...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch Release
H score32
First: 17.06.2026 20:36
Last: 17.06.2026 20:36
Sources 1
About this happening:
**Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch ReleaseAbout this happening: **Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Latest development: 09.07.2026 11:48
Microsoft released security updates for CVE-2026-50656, remediating the RoguePlanet privilege-escalation flaw in Microsoft Malware Protection Engine (mpengine.dll) with version 1.1.26060.3008 and additional defense-in-depth updates. Microsoft said no customer action is required to install the update.
Microsoft security patch release for CVE-2026-42824
Security Patch Release
H score30
First: 15.06.2026 16:00
Last: 15.06.2026 16:00
Sources 1
About this happening:
Microsoft's **fix for SearchLeak** in **Microsoft 365 Copilot Enterprise** closed a **critical** flaw tied to **CVE-2026-42824** that could expose **mailbox, OneDrive, and SharePo...
Microsoft security patch release for CVE-2026-42824
Security Patch ReleaseAbout this happening: Microsoft's **fix for SearchLeak** in **Microsoft 365 Copilot Enterprise** closed a **critical** flaw tied to **CVE-2026-42824** that could expose **mailbox, OneDrive, and SharePo...
Timeline
-
21.05.2026 12:52 3 articles · 1mo ago
Microsoft patches exploited Defender zero-days and CISA adds them to KEV
Initial DisclosureMicrosoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Show sources
- Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days — www.securityweek.com — 21.05.2026 12:52
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities — thehackernews.com — 21.05.2026 13:55
- Microsoft Warns of Two Actively Exploited Defender Vulnerabilities — thehackernews.com — 21.05.2026 13:55
-
21.05.2026 10:49 2 articles · 1mo ago
Microsoft rolls out patches for exploited Defender zero-days
Mitigation Patch UpdateMicrosoft started rolling out fixes for CVE-2026-41091 in Microsoft Malware Protection Engine 1.1.26030.3008 and earlier and CVE-2026-45498 in Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier after zero-day exploitation affected unpatched Windows devices; CISA also added both vulnerabilities to the KEV Catalog and ordered Federal Civilian Executive Branch agencies to secure Windows endpoints and servers within two weeks, by June 3, under Binding Operational Directive (BOD) 22-01.
Show sources
- Microsoft warns of new Defender zero-days exploited in attacks — www.bleepingcomputer.com — 21.05.2026 10:49
- Microsoft warns of new Defender zero-days exploited in attacks — www.bleepingcomputer.com — 21.05.2026 10:49