Main points
- Microsoft has released emergency security updates for Defender antivirus due to zero-day vulnerabilities that were actively used to bypass protection.
- Windows users are advised to install updates immediately to protect their data from cyberattacks.

Microsoft has released emergency security updates for its proprietary Defender antivirus. The developers had to hurry, as the discovered zero-day vulnerabilities were already being actively used by attackers to bypass the operating system's protection.
Windows users have received an important security update. As reported by BleepingComputer, the American technology giant Microsoft has officially confirmed that the discovered gaps in the Defender security system were actively used by attackers to carry out cyberattacks even before the developers had time to create and release the corresponding fixes.
What exactly happened?
Microsoft has announced two new zero-day vulnerabilities in Microsoft Defender components that are already being exploited in real-world attacks. These are CVE-2026-41091 and CVE-2026-45498.
- The first issue, CVE-2026-41091, affects Microsoft Malware Protection Engine versions 1.1.26030.3008 and older. This engine is responsible for scanning, detecting, and cleaning malware in Microsoft's antivirus solutions.
The vulnerability involves improper resolution of links before file access. If exploited successfully, this could allow attackers to gain SYSTEM-level privileges, the highest level of access in Windows, effectively giving them complete control over the computer.

- The second issue, CVE-2026-45498, affects Microsoft Defender Antimalware Platform versions 4.18.26030.3011 and older. This component is used not only in Windows Defender, but also in a number of Microsoft enterprise solutions, including System Center Endpoint Protection and Security Essentials.
According to Microsoft, this vulnerability could cause a denial of service (DoS) condition, making individual systems inoperable or unstable during an attack.
The situation is so serious that the US Cybersecurity Agency has ordered federal agencies to update their systems by June 3.
“Such vulnerabilities are often targeted by malicious cybercriminals and pose a significant threat to federal agencies,” the department commented.
Why are these vulnerabilities so dangerous?
It's worth explaining what a zero-day vulnerability is. It's like having a hidden flaw in your secure front door lock that only the attacker knows about, but not the lock manufacturer. “Zero-day” means that developers have exactly zero days to fix the bug because hackers have already found the “loophole” and are using it to break into your system.
How to protect yourself?
To address the issues, Microsoft has released updates to Malware Protection Engine 1.1.26040.8 and Antimalware Platform 4.18.26040.7.
You don't need to do anything – the company commented that most users will receive patches automatically through the standard Defender update mechanism.
However, Microsoft recommends that you check to see if your system has actually installed the latest updates. To do this, you need to:
- Open the Windows Security app. For example, type “Security” in the search bar, and then select the Windows Security app.
- In the navigation panel, select “Virus & threat protection”.
- Then, in the “Virus & threat protection” section, click “Update protection.”
- Select “Check for updates”.
- In the navigation bar, select “Settings”, and then “About”.
- Check the version number of the Antimalware client.
Important: The update was successfully installed if the anti-malware platform version number or package version number matches or is higher than the values listed above.
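The same check can be scripted for administrators who need to verify more than one machine. The PowerShell below is an added example, not code from Microsoft or the original article; it reads the Defender cmdlet Get-MpComputerStatus and assumes its AMEngineVersion and AMProductVersion fields correspond to the engine and platform versions named above. The function name Test-DefenderPatchLevel and the sample object are constructed for illustration.

```powershell
# Fixed versions as stated in the article.
$Fixed = [ordered]@{
    AMEngineVersion  = [version]'1.1.26040.8'    # Malware Protection Engine (CVE-2026-41091)
    AMProductVersion = [version]'4.18.26040.7'   # Antimalware Platform (CVE-2026-45498)
}

# Hypothetical helper: reports, per component, whether the installed version
# is at or above the fixed version.
function Test-DefenderPatchLevel {
    param(
        # Any object exposing AMEngineVersion / AMProductVersion.
        # When omitted, the local machine is queried.
        $Status
    )
    if ($null -eq $Status) {
        $Status = Get-MpComputerStatus -ErrorAction Stop
    }
    foreach ($name in $Fixed.Keys) {
        $raw = [string]$Status.$name
        $installed = $null
        # Parse as [version] so each field is compared numerically, not as text.
        $parsed = [version]::TryParse($raw, [ref]$installed)
        [pscustomobject]@{
            Component = $name
            Installed = $raw
            Required  = $Fixed[$name].ToString()
            # An empty or unparseable version is reported as not patched.
            Patched   = $parsed -and ($installed -ge $Fixed[$name])
        }
    }
}

# Constructed sample: engine still at the affected version named in the
# article, platform already updated.
$sample = [pscustomobject]@{
    AMEngineVersion  = '1.1.26030.3008'
    AMProductVersion = '4.18.26040.7'
}
Test-DefenderPatchLevel -Status $sample | Format-Table -AutoSize

# Local machine; fails cleanly when Defender or its cmdlets are unavailable.
try {
    Test-DefenderPatchLevel | Format-Table -AutoSize
} catch {
    Write-Warning "Could not query Defender status: $_"
}
```

A machine where either row shows Patched as False should be updated through “Check for updates” as described in the steps above.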
Patches for two critical vulnerabilities in Microsoft Defender antivirus began rolling out on Wednesday, May 20, 2026. The company urges users to update their systems immediately to protect their data from possible compromise. Details on the scale of the attacks and the specific hacking groups that exploited these security holes remain limited, but the fact that emergency patches are being released indicates the seriousness of the threat.
What is Microsoft Defender?
Microsoft Defender (formerly called Windows Defender) is an antivirus built into the Windows operating system that works as soon as the system is set up, so the user does not need third-party applications.
Since this antivirus is installed by default on millions of computers around the world, any vulnerabilities found in it automatically put a huge number of users at risk – from ordinary people to large corporations and government agencies.
How to protect yourself from cyber threats?
This event once again reminds us that even the most reliable and popular security systems are not perfect. Cybercriminals are constantly looking for new ways to bypass protection, so developers have to stay ahead, responding quickly to detected threats.
For ordinary users and system administrators, this incident is a clear signal: regularly updating software and operating systems is not just a recommendation, but a critical necessity for maintaining digital security. Timely installation of patches allows you to close “loopholes” before attackers have time to exploit them.
What other serious vulnerabilities have been discovered in Microsoft and Google products recently?
The last few months have been particularly busy for Microsoft and Google in the cybersecurity space. In addition to new zero-days in Defender, Microsoft also had to respond to the scandal surrounding the YellowKey vulnerability in BitLocker. Researchers from HelpNetSecurity have shown that under certain conditions, disk encryption protection can be bypassed using a regular USB flash drive and the Windows Recovery Environment. The issue has been assigned the identifier CVE-2026-45585.
Another high-profile story involves the MiniPlasma vulnerability in the Windows Cloud Filter driver. Researchers at Level Blue claim that the issue actually remained active even after Microsoft's previous “patch.” The vulnerability allows elevation of privilege to SYSTEM level even on fully updated Windows 11.
The company's web browser has also been the target of serious threats. Experts have discovered that Microsoft Edge automatically loads saved passwords into the process's memory in plaintext, allowing attackers with administrator privileges to easily steal users' sensitive data.
In general, the problem of zero-day vulnerabilities is global and does not only concern Microsoft's products. Other technology giants are also forced to respond quickly to similar challenges when hackers begin to exploit errors in the code even before official patches are released.
A prime example is the emergency security update that had to be released for the world's most popular web browser when a dangerous bug was discovered in Google Chrome's JavaScript engine V8. This “type confusion” flaw was actively used by attackers in real-world conditions to attack users, forcing developers to act as quickly as possible to protect millions of devices.