Auto-CTI
MALWAREBYTES

Microsoft Defender vulnerabilities are being exploited in the wild

HIGH CVE-2026-41091 CVE-2026-45498 Microsoft Defender Elevation of Privilege

Strategic summary

Two Microsoft Defender vulnerabilities are being actively exploited; the local privilege escalation (CVE-2026-41091) is particularly critical and can lead to full system takeover.


Full text


Two Microsoft Defender vulnerabilities are being actively exploited in the wild.

On May 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added a notable set of actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The KEV catalog tracks vulnerabilities known to be exploited in the wild and sets patch deadlines for Federal Civilian Executive Branch (FCEB) agencies.

Five of the added vulnerabilities are quite old by vulnerability standards. Patches were released in 2008, 2009, and 2010. But the Microsoft Defender vulnerabilities are from this year. Those two are:

  • CVE‑2026‑41091 (CVSS score 7.8 out of 10): a Microsoft Defender elevation of privilege vulnerability. A local attacker who already has some access to a machine can abuse Defender to gain SYSTEM‑level permissions, effectively giving them full control over Windows.
  • CVE‑2026‑45498 (CVSS score 4.0 out of 10): a Microsoft Defender denial‑of‑service vulnerability. Here, an attacker can interfere with Defender in a way that disrupts its normal operation. If attackers can crash or disable your antivirus engine on demand, they can create a safer environment for their malware to run undetected.

You should take patching these vulnerabilities seriously if:

  • You rely on Microsoft Defender as your primary endpoint protection
  • You manage Windows systems in a business, school, or local government environment
  • You have shared machines, terminal servers, or any environment where multiple users log on to the same system

As you’d expect from us, we don’t advise relying on Windows Defender alone. There are better options available, and they are not mutually exclusive.

Security products are software, and software has bugs. When those bugs end up in a list of known exploited vulnerabilities, ignoring them is like leaving your front door open because “the alarm will catch anyone coming in.”

Make sure Windows Update is enabled and set to receive updates for Microsoft products. Defender platform updates are often delivered alongside regular cumulative updates.

Also check that recent Microsoft Defender security intelligence and platform updates are installed.

The first version of the Microsoft Defender Antimalware Platform with these vulnerabilities addressed is 4.18.26040.7.

You can usually find that version number in **Windows Security**:

1. Open **Start** and search for **Windows Security**
2. Go to **Virus & threat protection**
3. Click **Settings** or the **gear icon**
4. Open **About**
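The same check across several machines, as an added example (not from the original article or from Microsoft): it compares the value `Get-MpComputerStatus` reports as `AMProductVersion` with the fixed version 4.18.26040.7 stated above, and lists hosts that cannot report instead of dropping them. The function name `Test-DefenderPlatform` and the host list are hypothetical, and remote hosts are assumed to accept CIM/WinRM sessions.

```powershell
# Added example: report whether each host runs a Defender platform version
# at or above the first fixed version named in the article.
$FixedPlatform = [version]'4.18.26040.7'

function Test-DefenderPlatform {
    [CmdletBinding()]
    param(
        # Hypothetical host list; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        $session = $null
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $s = Get-MpComputerStatus -ErrorAction Stop
            } else {
                $session = New-CimSession -ComputerName $name -ErrorAction Stop
                $s = Get-MpComputerStatus -CimSession $session -ErrorAction Stop
            }
            # [version] compares component by component, not as a string.
            $platform = [version]$s.AMProductVersion
            [pscustomobject]@{
                Computer        = $name
                PlatformVersion = $platform
                Patched         = $platform -ge $FixedPlatform
                ServiceEnabled  = $s.AMServiceEnabled
                RealTimeEnabled = $s.RealTimeProtectionEnabled
                SignaturesFrom  = $s.AntivirusSignatureLastUpdated
                Error           = $null
            }
        } catch {
            # A host that cannot report (Defender service stopped, WinRM
            # blocked) is listed as unknown, not silently skipped.
            [pscustomobject]@{
                Computer = $name; PlatformVersion = $null; Patched = $null
                ServiceEnabled = $null; RealTimeEnabled = $null
                SignaturesFrom = $null; Error = $_.Exception.Message
            }
        } finally {
            if ($session) { Remove-CimSession $session }
        }
    }
}

Test-DefenderPlatform | Format-Table -AutoSize
```

Rows with `Patched` false or empty are the ones to follow up; a host where `ServiceEnabled` is false deserves a look in its own right, given the denial-of-service issue described above.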

Even with auto-update enabled, I didn’t receive this patch immediately. Defender platform updates can lag behind definitions or only appear when a cumulative Windows update lands. Microsoft typically releases updates for the Microsoft Defender Antimalware Platform once a month, or as needed to protect against new threats.

So, I’ll have to wait. Good thing I’m protected.


Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.


Risk Score: 17

  • cvss base: 0.00
  • kev bonus: 0.00
  • epss bonus: 0.00
  • poc bonus: 15.00
  • raw before weight: 15.00
  • industry weight: 1.21
  • freshness factor: 1.00
  • days old: 0.00
  • vendor mismatch penalty: 0.00
  • consensus penalty: -3.00

Path: operational
