Microsoft Patches Actively Exploited Defender Zero-Days: CISA Mandates Immediate Action
**Microsoft** has released emergency security patches for two actively exploited zero-day vulnerabilities in **Microsoft Defender**. The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has issued a directive ordering federal agencies to patch their systems within two weeks.

On Wednesday, **Microsoft** addressed two critical vulnerabilities in **Microsoft Defender** that were being actively exploited in zero-day attacks.
### Privilege Escalation and DoS Vulnerabilities
The first vulnerability, tracked as **CVE-2026-41091**, is a privilege escalation flaw affecting **Microsoft Malware Protection Engine** 1.1.26030.3008 and earlier. This vulnerability stems from an improper link resolution before file access (link following) weakness, potentially allowing attackers to gain SYSTEM privileges.
The second vulnerability, **CVE-2026-45498**, impacts systems running **Microsoft Defender Antimalware Platform** 4.18.26030.3011 and earlier, which is also used by **Microsoft's System Center Endpoint Protection**, **System Center 2012 R2 Endpoint Protection**, **System Center 2012 Endpoint Protection**, and **Security Essentials**. Successful exploitation could lead to denial-of-service (DoS) conditions on vulnerable **Windows** devices.
### Remediation
**Microsoft** has released **Malware Protection Engine** version 1.1.26040.8 and **Antimalware Platform** version 4.18.26040.7 to resolve these vulnerabilities. The company states that the default configuration of **Microsoft** antimalware software should automatically keep malware definitions and the **Windows Defender Antimalware Platform** up to date. However, users are advised to manually verify the update status:
1. Open the **Windows Security** program.
2. In the navigation pane, select **Virus & threat protection**.
3. Click **Protection Updates** in the **Virus & threat protection** section.
4. Select **Check for updates**.
5. In the navigation pane, select **Settings**, and then select **About**.
6. Examine the **Antimalware Client Version** number. Verify that the **Malware Protection Platform** version number or the signature package version number matches or exceeds the version number of the update.
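
The same check can be scripted instead of clicked through. The following is an added example, not code from Microsoft or the original article. It assumes the Defender PowerShell module's `Get-MpComputerStatus` cmdlet with its `AMEngineVersion` and `AMProductVersion` properties, takes the fixed version numbers from the text above, and uses constructed sample hosts (`HOST-A`, `HOST-B`) so the comparison logic can be run offline.

```powershell
# Fixed versions as reported in the article; anything lower is still vulnerable.
$FixedEngine   = [version]'1.1.26040.8'   # Malware Protection Engine (CVE-2026-41091)
$FixedPlatform = [version]'4.18.26040.7'  # Antimalware Platform (CVE-2026-45498)

function Test-DefenderPatchLevel {
    [CmdletBinding()]
    param(
        # Object exposing AMEngineVersion / AMProductVersion, as Get-MpComputerStatus returns.
        [Parameter(Mandatory, ValueFromPipeline)] $Status
    )
    process {
        # Compare as [version], not as strings: '1.1.26040.10' sorts below '1.1.26040.8' as text.
        $engine   = $Status.AMEngineVersion  -as [version]
        $platform = $Status.AMProductVersion -as [version]
        $name = if ($Status.PSComputerName) { $Status.PSComputerName } else { $env:COMPUTERNAME }
        [pscustomobject]@{
            Computer        = $name
            EngineVersion   = $Status.AMEngineVersion
            PlatformVersion = $Status.AMProductVersion
            # An unparsable or missing version is reported as not fixed.
            EngineFixed     = ($null -ne $engine)   -and ($engine   -ge $FixedEngine)
            PlatformFixed   = ($null -ne $platform) -and ($platform -ge $FixedPlatform)
        }
    }
}

# Constructed sample data (not real hosts) so the logic can be exercised offline.
$samples = @(
    [pscustomobject]@{ PSComputerName = 'HOST-A'; AMEngineVersion = '1.1.26030.3008'; AMProductVersion = '4.18.26030.3011' }
    [pscustomobject]@{ PSComputerName = 'HOST-B'; AMEngineVersion = '1.1.26040.10';   AMProductVersion = '4.18.26040.7' }
)
$samples | Test-DefenderPatchLevel | Format-Table -AutoSize

# On a Windows host with Defender installed, check the live values as well.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus | Test-DefenderPatchLevel | Format-Table -AutoSize
}
```

In the sample output `HOST-A` reports both components as not fixed and `HOST-B` reports both as fixed.
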
### CISA Directive
The **U.S. Cybersecurity and Infrastructure Security Agency (CISA)** has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog and mandated that Federal Civilian Executive Branch (FCEB) agencies patch their **Windows** endpoints and servers by June 3, as per Binding Operational Directive (BOD) 22-01.
**CISA** warned that these types of vulnerabilities are frequently exploited by malicious actors and pose significant risks. It advises applying mitigations per vendor instructions or discontinuing use of the product if mitigations are unavailable.
### Additional Mitigation
On Tuesday, **Microsoft** also shared mitigations for **YellowKey**, a recently disclosed **Windows BitLocker** zero-day flaw that could allow attackers to access protected drives.