2 New Microsoft Defender Zero-Days Exploited—Patch Now Rolling Out

Microsoft has confirmed an emergency security update as CISA warns that two new Defender zero-days are being exploited by attackers.
MSN on MSN

CISA just added two Microsoft Defender flaws to the actively exploited list — every federal agency ordered to patch CVE-2026-41091 and CVE-2026-45498 by Wednesday

Every federal civilian agency running Microsoft Defender now faces a two-week countdown to fix two actively exploited security flaws. CISA added CVE-2026-41091 and CVE-2026-45498 to its Known ...