Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware Protection Engine improperly resolving links before accessing files. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted. CVE-2026-45498 can cause a denial-of-service (DoS) state, i.e., it can be used to prevent … More →
The post Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) appeared first on Help Net Security.
http://news.poseidon-us.com/TSfR58
