// Alert

Microsoft 365 threat report

Microsoft has confirmed active exploitation of two Microsoft Defender vulnerabilities, CVE-2026-41091 and CVE-2026-45498, and CISA added both to its Known Exploited Vulnerabilities catalog on May 20, 2026. CVE-2026-41091 is a local privilege escalation in the Microsoft Malware Protection Engine that can yield SYSTEM privileges due to improper link resolution, while CVE-2026-45498 is a denial-of-service flaw in the Microsoft Defender Antimalware Platform that can disable protection. Fixes are delivered in Malware Protection Engine v1.1.26040.8 and Antimalware Platform v4.18.26040.7, which roll out automatically under default configurations. Reporting links the exploitation wave to proof-of-concept code published by a researcher using the handle Nightmare Eclipse, with Huntress observing an attacker chaining the BlueHammer, RedSun, and UnDefend exploits. CISA's KEV listing requires US federal civilian agencies to apply patches or remove the product by June 3, 2026.

// Get alerts for Microsoft 365