ONE Sentinel

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Source: The Hacker News
May 21, 2026

EXECUTIVE SUMMARY

Microsoft Defender Vulnerabilities Under Active Exploitation

Summary

Microsoft has disclosed two vulnerabilities in Microsoft Defender that are being actively exploited: a privilege escalation flaw and a denial-of-service issue.

Key Points

  • Microsoft Defender is affected by two vulnerabilities: a privilege escalation flaw and a denial-of-service flaw.
  • The privilege escalation vulnerability is tracked as CVE-2026-41091 and has a CVSS score of 7.8.
  • Successful exploitation of CVE-2026-41091 could allow attackers to gain SYSTEM privileges.
  • The issue involves improper link resolution before file access, known as 'link following'.
  • These vulnerabilities are actively being exploited in the wild.

Analysis

The active exploitation of these vulnerabilities in Microsoft Defender is a significant concern for IT professionals, as it affects a widely used security product. The privilege escalation flaw, in particular, poses a high risk due to its potential to grant attackers SYSTEM-level access, which could lead to further compromise of affected systems.

Conclusion

IT professionals should prioritize patching systems to address these vulnerabilities in Microsoft Defender. Regularly updating security software and monitoring for unusual activity can help mitigate the risks associated with these exploits.