Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek.
Microsoft this week released patches for two vulnerabilities in Defender, warning they have been exploited in the wild as zero-days.
The first, tracked as CVE-2026-41091 (CVSS score of 7.8), is described as a link-following issue that allows attackers to elevate their privileges to System.
“Improper link resolution before file access (‘link following’) in Microsoft Defender allows an authorized attacker to elevate privileges locally,” Microsoft notes in its bare-bones advisory.
Source: https://www.securityweek.com/microsoft-patches-exploited-undefend-and-redsun-defender-zero-days/
Related breach coverage
- Researcher Drops YellowKey, GreenPlasma Windows Zero-Days2026-05-14
YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.
- TrendAI Patches Apex One Zero-Day Exploited in the Wild2026-05-22
CVE-2026-34926 is a directory traversal flaw that can be exploited against the on-premise version of Apex One. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek.
- Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 20262026-05-15
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
- Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild2026-05-15
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.