Microsoft Defender Security Alert: Addressing Actively Exploited Vulnerabilities
Microsoft has issued a critical security advisory regarding two vulnerabilities within Microsoft Defender that are currently being exploited in the wild. These flaws, which impact the Microsoft Defender Antimalware Platform, allow attackers to escalate privileges or trigger a denial-of-service (DoS) condition. Because these vulnerabilities are already being used in active attacks, users and administrators should prioritize updating their systems immediately.
Understanding the Exploited Vulnerabilities
The security risks involve two distinct CVE-tracked flaws that Microsoft has addressed in its latest updates:

- CVE-2026-41091 (CVSS Score: 7.8): This vulnerability involves improper link resolution before file access, commonly known as “link following.” By successfully exploiting this flaw, an authorized attacker can elevate their privileges locally to gain SYSTEM-level access. This level of control allows an attacker to modify system data, disable security features, or exfiltrate sensitive files.
- CVE-2026-45498 (CVSS Score: 4.0): This is a denial-of-service bug that targets the Defender service itself. While this does not grant an attacker direct control over the machine, it allows them to neutralize the antivirus protection, creating a window of opportunity for malware to execute undetected.
In addition to these actively exploited bugs, Microsoft also addressed a heap-based buffer overflow vulnerability, CVE-2026-45584, which carries a CVSS score of 8.1. While this flaw could theoretically allow remote code execution, Microsoft has reported no evidence of it being exploited in the wild at this time.
How to Protect Your System
Microsoft has released patches for these issues within the Microsoft Defender Antimalware Platform. Specifically, the updates are included in version 1.1.26040.8 and version 4.18.26040.7.
While Microsoft Defender typically updates automatically, these platform-specific updates can occasionally lag behind standard monthly Windows cumulative updates. To ensure your system is protected, you can manually verify your version:
- Open Windows Security.
- Navigate to Virus & threat protection.
- Select About to view the current version of your Microsoft Malware Protection Engine, and platform.
If your version is older than the ones listed above, ensure your system is connected to the internet and trigger a manual update check. Microsoft noted that systems where Defender has been explicitly disabled are not susceptible to these specific vulnerabilities.
Key Takeaways for Security Maintenance
- Active Threats: CVE-2026-41091 and CVE-2026-45498 are currently under active exploitation. Patching is not optional; it is a critical security requirement.
- System Privileges: The privilege escalation flaw (CVE-2026-41091) is particularly dangerous because it grants SYSTEM-level access, effectively giving an attacker total control over the host machine.
- Platform Updates: Do not assume that standard Windows updates cover all Defender components. Always verify the platform version within the Windows Security interface to confirm the latest protections are active.
Staying vigilant against these types of endpoint security flaws is essential, especially as attackers increasingly target the security software itself to bypass defenses. Regularly auditing your system’s security status and ensuring that automated update services are functioning correctly remains the best defense against these evolving threats.

Worth a look