In a proactive move to enhance cybersecurity, Microsoft has addressed two critical zero-day vulnerabilities within its Defender antivirus software. The vulnerabilities, identified as CVE-2026-41091, which pertains to privilege escalation, and CVE-2026-45498, associated with denial of service, have been actively exploited, prompting swift action from the tech giant.
Details of the Patches
The updates were seamlessly delivered through the Malware Protection Engine version 1.1.26040.8 and the Antimalware Platform version 4.18.26040.7. However, users are encouraged to manually verify their software versions to ensure they are operating with the latest security enhancements.
In a related development, the Cybersecurity and Infrastructure Security Agency (CISA) has included both vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. This inclusion mandates that federal agencies must either patch the vulnerabilities or discontinue the use of affected software by June 3.
Microsoft’s security advisory highlights the importance of these patches, particularly for users operating on earlier versions of the Malware Protection Engine and Antimalware Platform. The company’s commitment to maintaining robust security measures is evident as it continues to address potential threats in real-time.
