Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
Microsoft released patches for two zero-day vulnerabilities in Microsoft Defender that have been exploited in the wild. The first vulnerability (CVE-2026-41091) allows local privilege escalation to System via improper link resolution before file access. The second vulnerability (CVE-2026-45498) can cause a denial-of-service condition. Both issues affect Microsoft Defender Antimalware Platform version 4.18.26040.7. Systems with Defender disabled are not vulnerable. The US CISA has added these vulnerabilities to its Known Exploited Vulnerabilities list and urges patching by June 3, 2026.
AI Analysis
Technical Summary
Two zero-day vulnerabilities in Microsoft Defender were publicly disclosed and exploited in the wild. CVE-2026-41091 is a local privilege escalation vulnerability caused by improper link resolution before file access, allowing an authorized attacker to elevate privileges to System. CVE-2026-45498 is a denial-of-service vulnerability. Microsoft patched both in Defender Antimalware Platform version 4.18.26040.7. The vulnerabilities are variants of the BlueHammer exploit and have been added to CISA's KEV list, with a patch deadline for federal agencies of June 3, 2026. Systems with Defender disabled are not exploitable. The vendor advisory is minimal but confirms exploitation and patch availability.
Potential Impact
Successful exploitation of CVE-2026-41091 can lead to local privilege escalation to System level, potentially allowing attackers to gain full control of the affected system. CVE-2026-45498 can cause denial-of-service conditions, disrupting Defender operations. Both vulnerabilities have been exploited in the wild, indicating an active threat. Systems without Defender enabled are not vulnerable. The impact is significant for affected systems, but both the privilege escalation and the DoS condition are limited to local attackers.
Mitigation Recommendations
Microsoft has released official patches addressing both vulnerabilities in Microsoft Defender Antimalware Platform version 4.18.26040.7. Organizations should apply these updates promptly. Systems with Microsoft Defender disabled are not vulnerable. The US CISA recommends patching by June 3, 2026, especially for federal agencies. No additional mitigations are indicated beyond applying the official fixes.
Technical Details
- Article Source: https://www.securityweek.com/microsoft-patches-exploited-undefend-and-redsun-defender-zero-days/ (fetched 2026-05-21T10:03:32Z, 1065 words)
Threat ID: 6a0ed874ba1db47362794173
Added to database: 5/21/2026, 10:03:32 AM
Last enriched: 5/21/2026, 10:03:41 AM
Last updated: 5/21/2026, 11:41:08 AM