Two Microsoft zero-days affecting its Defender antimalware suite are being actively exploited to trigger denial-of-service (DoS) states on unpatched Windows devices. The first flaw, tracked as CVE-2026-41091 (CVSS: 7.8), is a privilege escalation vulnerability impacting the Microsoft Malware Protection Engine versions 1.1.26030.3008 and earlier. This engine provides scanning, detection, and cleaning functions for Microsoft’s native security software. The vulnerability arises from an improper li
