Microsoft disclosed two actively exploited vulnerabilities in Defender, CVE-2026-41091 and CVE-2026-45498, which have been patched in the latest versions of Defender. The vulnerabilities, which overlap with previously disclosed zero-days, enable privilege escalation and denial-of-service attacks. Microsoft also addressed a heap-based buffer overflow vulnerability (CVE-2026-45584) in the same update.
https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html

