Microsoft Issues Urgent Fixes for Exploited Flaws in Defender Antivirus Tool

By: Jordan Vector, Cybersecurity Expert

Last updated: May 22, 2026

  • Attackers are currently exploiting two security loopholes in Microsoft Defender. One gives them full computer control, the other crashes your antivirus.

  • Microsoft pushed out fixes on Wednesday. But you need to check if they are actually installed.

  • The US Cybersecurity & Infrastructure Security Agency has instructed all federal agencies to apply the fixes by June 3.

Microsoft found two holes in its Defender security tool. Bad guys are already using them to break into computers. The holes affect millions of Windows machines.

One bug lets attackers take over your system. The other just turns off your protection. Microsoft released updates on Wednesday. But you still need to double-check your computer.

Details of the New Defender Vulnerabilities 

The first bug, referred to as CVE-2026-41091, makes a mess of Microsoft’s Malware Protection Engine. Security folks slapped a 7.8 out of 10 on the danger scale. This bug actually hunts down Microsoft’s own antivirus and antispyware programs, and then just straight up deletes them.

So what went wrong? The engine mishandles shortcuts. Attackers trick it into giving them top-level access. We call that SYSTEM privileges. That is the highest level on Windows.

Once someone gets SYSTEM access, they own your computer. They can install anything. Steal your files. Turn off your other security tools. If you’re running older Defender versions up to 1.1.26030.3008, those are flawed. You need to update.

Then there’s another bug too, CVE-2026-45498 with a CVSS rating of 4.0. This one hits the Microsoft Defender Antimalware Platform. The same platform also runs on older security tools like System Center and Security Essentials.

What does this bug do? It causes denial-of-service. That means it is capable of disrupting antivirus programs. Your protection just stops working. The flawed Defender versions include 4.18.26030.3011 and other older versions.

Five users spotted these bugs and notified Microsoft. Their names are Sibusiso, Diffract, Andrew C. Dorman (also known as ACD421), Damir Moldovanov, and someone who wants to stay anonymous.

How to Check If You Are Safe

Microsoft says most people do not need to do anything. Your computer updates itself by default. That is usually true. But you should still check. Here is how.

Open Windows Security. Type “Security” in your search bar. Click the Windows Security app when it pops up.

Look at the left side. Click Virus & threat protection. Then click Protection Updates. Now click Check for updates. Let it run.

Go back to the left side again. Click Settings. Then click About. Look for the Antimalware Client Version. Write down that number.

You are safe if you see version 1.1.26040.8 or higher. Also safe if you see 4.18.26040.7 or higher. Anything lower means you need to update.
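
The same check can be done from PowerShell, which is handy for more than one machine. This is an added example, not code from Microsoft or the original article. It assumes the Defender module's Get-MpComputerStatus cmdlet, reading AMEngineVersion as the engine version and AMProductVersion as the platform version.

```powershell
# Added example: fixed versions are the ones stated in the article.
$FixedEngine   = [version]'1.1.26040.8'   # Malware Protection Engine, CVE-2026-41091
$FixedPlatform = [version]'4.18.26040.7'  # Antimalware Platform, CVE-2026-45498

function Test-DefenderPatched {
    param([string]$Engine, [string]$Platform, [string]$Mode = 'unknown')
    $e = $null; $p = $null
    # TryParse avoids an exception when a version field is empty or malformed.
    $okE = [version]::TryParse($Engine,   [ref]$e)
    $okP = [version]::TryParse($Platform, [ref]$p)
    [pscustomobject]@{
        RunningMode   = $Mode
        Engine        = $Engine
        # [version] compares numerically per component; a plain string
        # comparison would rank 1.1.26040.10 below 1.1.26040.8.
        EngineFixed   = $okE -and ($e -ge $FixedEngine)
        Platform      = $Platform
        PlatformFixed = $okP -and ($p -ge $FixedPlatform)
    }
}

# Constructed input: the last affected versions named in the article.
Test-DefenderPatched -Engine '1.1.26030.3008' -Platform '4.18.26030.3011' -Mode 'sample'

# Live check on this machine.
try {
    $s = Get-MpComputerStatus -ErrorAction Stop
    Test-DefenderPatched -Engine $s.AMEngineVersion -Platform $s.AMProductVersion -Mode $s.AMRunningMode
} catch {
    # Reached when the cmdlet is missing or the Defender service cannot be queried.
    Write-Warning "Defender status unavailable: $($_.Exception.Message)"
}
```

Both EngineFixed and PlatformFixed need to be True, because the engine and the platform carry separate version numbers.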

One more thing. If you turn off Microsoft Defender, these bugs cannot hurt you. But having no antivirus is a bad idea. Turn it back on.

The Government Is Taking This Seriously

CISA is the US government’s cybersecurity agency. They do not mess around with active attacks. They added both bugs to their Known Exploited Vulnerabilities catalog. That is their watchlist of real threats.

CISA told all Federal Civilian Executive Branch agencies to patch everything by June 3, which is just two weeks from now. The agency says this kind of vulnerability is a common attack vector that bad actors use very often these days.

This isn’t the only actively exploited vulnerability. Hackers are also exploiting a cPanel flaw to wipe websites and deploy ransomware, another reminder of the importance of timely patching.

They gave clear instructions on how to stop attackers from exploiting these zero-days. Apply the fixes. Follow Microsoft’s advice. Or stop using the product if you cannot patch it.

What Ignoring This Might Cost You

If you do not check your Defender version and update it, a couple of things could go wrong. The first bug hits your computer. An attacker gains SYSTEM access. They can read your emails. Steal your passwords. Install ransomware that locks all your files.

Now imagine the second bug instead. Your antivirus just crashes. You get no warning. No pop-ups. Nothing. You think you are protected. But you are not. Bad guys can walk right in.

Microsoft has not shared details about who is using these bugs. They did not name any hacker groups. But CISA would not push a two-week deadline for a small problem. This is serious.

Easy Steps To Protect Yourself

Step one. Check your Defender version right now. Do not wait until tomorrow. The steps above take maybe three minutes.

Step two. Turn on automatic updates if you turned them off. Go to Windows Security. Click Virus & threat protection. Click Protection Updates. Make sure both “Install definition updates automatically” and “Install platform updates automatically” are on.

Step three. Keep Microsoft Defender running. Some people turn it off to use Norton or McAfee. That leaves you exposed to these bugs. Run Defender alongside your other antivirus.

Step four. Update your BitLocker settings too. Microsoft shared fixes for another bug called YellowKey on Tuesday. That one lets attackers unlock your protected drives. Patch that at the same time.

Step five. Watch for weird computer behavior. Does your PC crash for no reason? That could be the DoS bug. Do you see new admin accounts you did not create? That could be the privilege escalation bug. If you notice anything strange, let your IT team know.

Microsoft has already released the updates that fix the bugs, versions 1.1.26040.8 & 4.18.26040.7. These updates typically install by themselves. But please check anyway.

CISA gave government workers two weeks. You should patch today. Not because I said so. Because attackers are already using these bugs right now.

About the Author

Jordan Vector

Cybersecurity Expert

Jordan is a security researcher and advocate who focuses on making privacy practical. Whether he's explaining how to harden a browser or reporting on the latest surveillance disclosures, his goal is to equip readers with knowledge they can use immediately. Jordan believes that true security begins with understanding the digital landscape.
