1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Microsoft confirms two major Defender security issues so update

    From TechnologyDaily@1337:1/100 to All on Fri May 22 18:15:32 2026
    Microsoft confirms two major Defender security issues so update now or face possible attack

    Date:
    Fri, 22 May 2026 17:05:00 +0000

    Description:
    CISA confirms two bugs being actively exploited in the wild, as Microsoft releases patches.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Microsoft patches two actively exploited zeroday flaws in Defender, tracked as CVE202641091 (privilege escalation) and CVE202645498 (denial of service) Updates were shipped automatically via Malware Protection Engine 1.1.26040.8 and Antimalware Platform 4.18.26040.7, though users are advised to manually verify versions CISA added both bugs to its KEV catalog, giving federal agencies until June 3 to patch or discontinue vulnerable software Microsoft has released patches
    for two zero-day vulnerabilities affecting its Defender antivirus tool.

    In a new security advisory, the company said it fixed a privilege escalation security bug plaguing Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, and a denial-of-service flaw in the Microsoft Defender Antimalware Platform 4.18.26030.3011 and earlier. The former is tracked as CVE-2026-41091 and was given a severity score of 7.8/10 (high). It allows malicious actors
    to escalate privileges locally. The latter is tracked under CVE-2026-45498, with a severity score of 7.5/10 (high). Latest Videos From You may like CISA puts US government agencies on two-week deadline to patch Microsoft Defender BlueHammer zero-day exploit Trend Micro warns of worrying security flaw allowing full Windows takeover, so patch now Disgruntled researcher releases second major Defender zero-day CISA confirms abuse To address the vulnerabilities, Microsoft released Malware Protection Engine versions 1.1.26040.8 and 4.18.26040.7, one for each flaw. The company said no action
    is needed on the customer side, since the Defender receives these updates automatically, under the default configuration.

    Still, since both flaws are being actively abused in the wild, it doesnt hurt to double-check, by navigating to the Virus & threat protection window, then Protection Updates, and then clicking Check for updates. The Antimalware ClientVersion number should show the version numbers above.

    The confirmation the bugs are being exploited came from the US Cybersecurity and Infrastructure Security Agency (CISA), who added them to its Known Exploited Vulnerabilities (KEV) catalog recently.

    When that happens, Federal Civilian Executive Branch (FCEB) agencies usually have a two-week deadline to patch up or stop using vulnerable software immediately. In this case, agencies have until June 3. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA
    explained. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."

    Via BleepingComputer The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-confirms-two-major-defender-s ecurity-issues-so-update-now-or-face-possible-attack


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)