Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Two actively exploited vulnerabilities in Microsoft Defender compromise the endpoint protection tool itself, potentially allowing attackers to bypass core defense mechanisms.
Comparing 21 May 2026 with the previous day 20 May 2026.
Two actively exploited vulnerabilities in Microsoft Defender compromise the endpoint protection tool itself, potentially allowing attackers to bypass core defense mechanisms.
Microsoft warns of active zero-day exploits targeting Defender components already being weaponized in attacks, requiring urgent patching and configuration remediation.
Attackers are actively exploiting Microsoft Defender vulnerabilities to bypass its protection and compromise BitLocker encryption,indicative of coordinated, sophisticated campaigns targeting Windows-based infrastructure.
BSI advisory discloses multiple vulnerabilities in Microsoft Defender and Malware Protection Engine enabling privilege escalation and remote code execution on Windows Servers , immediate patching required for production environments (WS 2022/2019).
Microsoft alerts to active exploit campaigns specifically targeting Windows Defender vulnerabilities,a direct threat to enterprises running Defender-protected endpoints.
The Yellowkey exploit allows BitLocker bypass without knowledge of the encryption key and requires manual mitigation steps beyond standard patching.
Generic BSI advisory without specific CVE identifiers, affected versions, or exploitation status; describes multiple undefined vulnerabilities without documenting active campaigns or current exploitation.
The accidental disclosure of details about an unpatched Chromium vulnerability increases the risk of exploitation by attackers before a fix is available.
SecurityWeek confirms that UnDefend and RedSun Defender zero-days were actively exploited and Microsoft has released patches, but lacks technical details or threat actor attribution.
Two Microsoft Defender vulnerabilities are being actively exploited, with one elevation of privilege (CVE-2026-41091) being particularly critical and leading to full system compromise.
A kernel bug in IPv6 RPL processing can cause memory corruption, affecting Ubuntu 24.04 LTS.
No changes in this category.
No changes in this category.
Public release of a proof-of-concept for a Windows security feature bypass (YellowKey) prior to patch availability significantly elevates attack risk and requires immediate mitigation measures across all Windows servers.
An RCE vulnerability in Microsoft Defender threatens the integrity of the company's endpoint protection infrastructure and could allow attackers to bypass defensive mechanisms.
YellowKey BitLocker bypass enables local encryption circumvention on Windows systems and requires immediate application of Microsoft mitigations across the company's infrastructure.
The vulnerability enables local privilege escalation through improper symlink resolution in Microsoft Defender, requiring an already-authorized attacker on the system.
Webworm leverages Microsoft Graph API and Discord for command-and-control, representing a novel attack vector against Microsoft 365-enabled organizations with implications for European government and industrial targets.
BSI advisory warning of multiple Microsoft Defender and Malware Protection Engine vulnerabilities without specific CVE numbers or exploitation evidence , typical of aggregated security alert or patch announcement.
A DoS vulnerability in Microsoft Defender is primarily an availability issue for endpoint protection infrastructure requiring prompt patching, but lacks active campaign activity or geopolitical implications for the DACH region.
BSI advisory on multiple MySQL vulnerabilities without specific CVE details; if MySQL is used as a database backend for SAP Business One or Abacus ERP, patches should be prioritized.
BSI advisory covers multiple Windows/Server vulnerabilities without specific CVE numbers , typically a Patch Tuesday aggregate or summary of multiple critical Microsoft security updates as part of routine release cycle.
YellowKey represents a novel BitLocker bypass technique requiring active mitigation deployment, signaling potential exploitation risk by state-sponsored actors targeting encrypted infrastructure.
Microsoft has released mitigations for a Windows zero-day (YellowKey) with no confirmed active exploitation in the wild yet, but it poses an immediate threat to Windows Server environments.
GreenPlasma and Nightmare Eclipse are actively exploitable Windows privilege escalation vulnerabilities with publicly available PoC exploits that work on fully patched systems and enable lateral movement and credential harvesting.