Microsoft patches two zero-day flaws in Defender

Source: Microsoft patches two zero-day flaws in Defender | CSO Online

Author: unknown

URL: https://www.csoonline.com/article/4175970/microsoft-patches-two-zero-day-flaws-in-defender.html

ONE SENTENCE SUMMARY:

Microsoft patched two exploited Microsoft Defender zero-days enabling privilege escalation or protection disruption, urging updates to specific engine/platform versions.

MAIN POINTS:

  1. Emergency fixes address two zero-day flaws in Microsoft Defender malware protection components.
  2. Local attackers can obtain SYSTEM privileges or break antimalware service functionality.
  3. Either outcome helps malware evade detection and increases attacker control.
  4. CISA added CVE-2026-41091 and CVE-2026-45498 to the KEV catalog.
  5. Inclusion in KEV indicates exploitation was observed in the wild.
  6. Researchers link issues to RedSun and UnDefend GitHub exploits by “Nightmare Eclipse.”
  7. CVE-2026-41091 resides in mpengine.dll within the Microsoft Malware Protection Engine.
  8. CVE-2026-41091 stems from improper link resolution before file access; it is rated CVSS 7.8 (high).
  9. CVE-2026-45498 affects MsMpEng.exe, central to real-time monitoring with kernel drivers.
  10. Recommended minimum versions: Malware Protection Engine (MPE) 1.1.26040.8 or later and antimalware platform 4.18.26040.7 or later.

TAKEAWAYS:

  1. Rapid patching is critical because active exploitation against endpoints has been detected.
  2. Verifying component versions matters since platform binaries update less frequently than signatures.
  3. Endpoint fleets using Defender or related products share exposure due to common code components.
  4. Local privilege escalation plus defense disruption creates a powerful combination for malware operations.
  5. Deploying the engine update also remediates an additional RCE, CVE-2026-45584.
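The version check behind main point 10 and takeaways 2 and 5, as an added PowerShell example (not code from the CSO Online article or from Microsoft): it reads the engine and platform versions from the built-in Defender module and compares them against the minimums the article cites. The only assumptions are that the host runs Windows with the Defender PowerShell module available and that the two version floors quoted above are the ones that apply to it; the function name `Test-DefenderPatchLevel` is this example's own.

```powershell
# Added example: check a host's Defender engine and platform builds against the
# minimum versions the article cites. Not from the article; assumes the Defender
# PowerShell module (Get-MpComputerStatus) is present, i.e. Windows 10/11 or Server.

function Test-DefenderPatchLevel {
    param(
        # Floors quoted in the article (assumed to apply to this SKU; adjust if your advisory differs).
        [version]$MinEngineVersion   = '1.1.26040.8',   # Malware Protection Engine (mpengine.dll)
        [version]$MinPlatformVersion = '4.18.26040.7'   # antimalware platform (MsMpEng.exe and its drivers)
    )

    $status = Get-MpComputerStatus -ErrorAction Stop

    # When a third-party AV owns the host, Defender reports empty version strings;
    # flag that explicitly instead of casting '' to [version] and crashing.
    if (-not $status.AMEngineVersion -or -not $status.AMProductVersion) {
        throw "Defender engine/platform version not reported on $env:COMPUTERNAME; is Defender the active AV?"
    }

    # Cast to [version] so builds compare numerically; a plain string compare
    # would rank 1.1.9xxx.x above 1.1.26040.8.
    $engine   = [version]$status.AMEngineVersion
    $platform = [version]$status.AMProductVersion

    $engineOk   = $engine   -ge $MinEngineVersion
    $platformOk = $platform -ge $MinPlatformVersion

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        EngineVersion    = $engine
        EngineOk         = $engineOk
        PlatformVersion  = $platform
        PlatformOk       = $platformOk
        # Signatures refresh daily and are not the indicator here; shown only so
        # a current signature date is not mistaken for a patched engine/platform.
        SignatureVersion = $status.AntivirusSignatureVersion
        ServiceEnabled   = $status.AMServiceEnabled
        Patched          = ($engineOk -and $platformOk)
    }
}

$result = Test-DefenderPatchLevel
$result | Format-List

if (-not $result.Patched) {
    Write-Warning "Defender engine/platform below the advisory minimums on $($result.ComputerName); deploy the engine and platform updates."
    exit 1
}
```

Because the defaults live inside the function, the same function can be shipped to a fleet unchanged with `Invoke-Command -ComputerName <hosts> -ScriptBlock ${function:Test-DefenderPatchLevel}` and the returned objects collected into one table. The `Patched` field deliberately requires both floors: the article's point is that the platform binary lags the daily signature cadence, so a host with fresh signatures and an old `AMProductVersion` is still exposed.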