What Happened
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges. "Improper link resolution before file access ('link following') in Microsoft Defender
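As an added illustration of the weakness class named above (improper link resolution before file access, CWE-59), and not Microsoft's code or a model of the actual Defender flaw, the constructed Python scenario below shows a privileged writer following a symlink out of a low-privilege directory, beside a hardened opener that refuses links and confines writes to its root:

```python
# Added illustration of CWE-59 (link following): constructed, not Microsoft's code, not the Defender flaw itself.
import os
import tempfile


def open_following_links(path: str) -> int:
    """Naive opener: a symlink in `path` is silently resolved, so a privileged
    writer lands wherever the link points (the CWE-59 pattern)."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)


def open_without_following(root: str, relpath: str) -> int:
    """Hardened opener: refuse a symlink at any component under `root`, confirm
    the resolved target stays inside `root`, and add O_NOFOLLOW (POSIX; absent on
    Windows) so the kernel re-checks the last component. Intermediate components
    still leave a check-then-use window, so the durable fix is never to let a
    privileged service write under a directory that lower-privilege users control."""
    cur = root_real = os.path.realpath(root)
    for part in filter(None, relpath.split(os.sep)):
        cur = os.path.join(cur, part)
        if os.path.islink(cur):
            raise PermissionError(f"refusing to follow link at {cur}")
    if os.path.commonpath([root_real, os.path.realpath(cur)]) != root_real:
        raise PermissionError(f"{relpath} resolves outside {root_real}")
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    return os.open(cur, flags, 0o600)


def demo() -> dict:
    """Constructed scenario: a writable 'spool' dir holds a symlink report.log -> protected.cfg."""
    with tempfile.TemporaryDirectory() as tmp:
        spool, protected = os.path.join(tmp, "spool"), os.path.join(tmp, "protected.cfg")
        os.mkdir(spool)
        with open(protected, "w") as f:
            f.write("original")
        os.symlink(protected, os.path.join(spool, "report.log"))
        fd = open_following_links(os.path.join(spool, "report.log"))
        os.write(fd, b"tampered")  # goes through the link into protected.cfg
        os.close(fd)
        with open(protected) as f:
            naive_overwrote = f.read() == "tampered"
        try:
            open_without_following(spool, "report.log")
            hardened_blocked = False
        except PermissionError:
            hardened_blocked = True
        os.close(open_without_following(spool, "ok.log"))  # plain file still allowed
        return {"naive_overwrote_protected": naive_overwrote,
                "hardened_blocked": hardened_blocked,
                "hardened_allows_plain_file": os.path.isfile(os.path.join(spool, "ok.log"))}
```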
Why It Matters
The article reports two actively exploited Microsoft Defender vulnerabilities, including CVE-2026-41091, a privilege escalation flaw (CVSS 7.8) that allows attackers to gain SYSTEM-level privileges, and a denial-of-service issue, both abused in the wild according to Microsoft. These are traditional endpoint/OS security issues, not AI-specific bugs, but they directly affect a core security control that many AI workloads rely on for host and data protection. From a CyberSE.AI perspective, compromised Defender on AI-hosting infrastructure (e.g., servers running AI agents, model-serving APIs, or vector databases) increases the risk of downstream AI data leakage, model tampering, and malicious AI use because an attacker with SYSTEM privileges can disable protections, modify AI service binaries or configurations, and access sensitive model inputs/outputs. Organizations should treat this as an AI supply chain exposure and ensure prompt patching, continuous validation of endpoint integrity on AI infrastructure, and inclusion of security tooling like Defender in their SBOM and AI supply chain risk reviews.
CyberSE Analysis
This signal maps to the AI supply chain risk class. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html