// Alert

Microsoft Azure threat report

CISA added two actively exploited Microsoft Defender vulnerabilities, CVE-2026-45498 and CVE-2026-41091, to its Known Exploited Vulnerabilities catalog on May 20, 2026, with a federal remediation deadline of June 3, 2026. CVE-2026-45498 is a denial-of-service flaw that can stop Microsoft Defender from functioning, allowing attackers to disable endpoint malware protection. CVE-2026-41091 is a link-following (CWE-59) vulnerability that lets a locally authorized attacker abuse symbolic-link handling to escalate to SYSTEM privileges. Microsoft has released patches for both flaws. CISA confirms exploitation in the wild but has not tied the activity to a specific ransomware campaign. Organizations using Microsoft Defender, including in Azure-managed environments, are urged to apply the updates immediately and review endpoint telemetry for tampering.

// Get alerts for Microsoft Azure