Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft just dropped a warning about two actively exploited vulnerabilities in Defender, including a privilege escalation flaw (CVE-2026-41091) that could give attackers SYSTEM privileges. This isn't one to sleep on, as these flaws are already being leveraged in the wild. If you're running Defender, patch up ASAP to block potential system compromise.
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender
This summary was generated from open reporting. Read the full original article ↗
Related
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking appeared first on SecurityWeek .
Edge-device zero-day is being exploited before a patch exists
A pre-auth remote code execution bug in a widely deployed edge gateway is under active exploitation with no vendor fix yet. Workarounds exist — apply them and watch your logs closely.
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
Discussion
Loading discussion…