
Microsoft Patches Actively Exploited Defender Vulnerabilities Affecting Enterprise Systems
Microsoft has confirmed active exploitation of two security vulnerabilities in its security ecosystem, identified as CVE-2026-41091 and CVE-2026-45498, both evaluated under the CVSS scoring system. The issues affect Microsoft Defender and have raised concerns due to confirmed in-the-wild exploitation and potential impact on enterprise systems.
The first issue, CVE-2026-41091 (CVSS 7.8), is a privilege escalation vulnerability affecting Microsoft Defender. If successfully exploited, it could allow a local attacker to obtain SYSTEM-level privileges. The flaw is rooted in improper link resolution before file access, commonly described as a “link following” issue.
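The "link following" class described above, shown as an added example; it is not Microsoft's code and does not reproduce the Defender flaw. It contrasts a file write that resolves links with one that refuses them. It assumes POSIX symlinks as a stand-in for Windows links and reparse points, and every path and file name in it is constructed.

```python
import os
import stat
import tempfile

def naive_write(path, data):
    """Weak pattern: open() resolves a link at `path`, so the write lands on its target."""
    with open(path, "wb") as f:
        f.write(data)

def safe_write(path, data):
    """Hardened pattern: refuse links, then validate the object actually opened."""
    # O_NOFOLLOW fails (ELOOP) if the final path component is a symlink. It does not
    # cover symlinked parent directories; those need directory-fd based opens.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)  # check the opened handle, not the path, to avoid a race
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise PermissionError("not a plain, singly linked regular file")
        os.ftruncate(fd, 0)
        os.write(fd, data)
    finally:
        os.close(fd)

def read(path):
    with open(path, "rb") as f:
        return f.read()

def demo():
    """Constructed scenario: all paths live in a throwaway temp directory."""
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.cfg")  # hypothetical privileged-only file
        work = os.path.join(root, "work")                # hypothetical user-writable dir
        os.mkdir(work)
        target = os.path.join(work, "scan.tmp")          # name the service expects to write
        os.symlink(protected, target)                    # link sitting where a file is expected

        naive_write(protected, b"original")
        naive_write(target, b"overwritten")
        after_naive = read(protected)

        naive_write(protected, b"original")
        try:
            safe_write(target, b"overwritten")
            refused = False
        except OSError:
            refused = True
        return after_naive, refused, read(protected)

if __name__ == "__main__":
    print(demo())
```

The hardened version checks the opened descriptor with `fstat` rather than checking the path first, because a path check followed by an open leaves a window in which the path can be swapped.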
Microsoft stated in its adv...