Hackers Actively Exploit Crucial Microsoft Defender Flaws
Microsoft has issued a major warning regarding two security flaws in its Defender software that hackers are actively using to attack systems right now. The tech giant revealed that one of the security holes allows attackers to completely take over a computer, while the other can shut the security program down entirely. Cybercriminals are moving fast, and these bugs present a real and immediate danger to unpatched Windows computers worldwide.
The Dangerous Defender Bugs Under Attack
The first and most dangerous security flaw is tracked as CVE-2026-41091. This bug lets a hacker trick the system into following a maliciously planted file link. If successful, a low-privileged user or attacker can quietly escalate their privileges and gain full control over the entire computer. Security experts give this flaw a high severity rating of 7.8 out of 10 because it hands bad actors the keys to the kingdom.
The second security flaw under active exploitation is CVE-2026-45498. While it has a lower danger rating of 4.0, it is still a significant threat. This flaw is a denial-of-service bug, which essentially means a hacker can crash Microsoft Defender and stop it from working. With the antivirus software temporarily disabled, the computer becomes a sitting duck for further malware infections.
Fortunately, Microsoft has already rolled out fixes for these problems. The company fixed the bugs in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7.
Links to Known Zero-Days and Hidden Risks
While Microsoft did not officially say it, independent security researchers note that these two flaws look exactly like “RedSun” and “UnDefend.” These were two zero-day bugs leaked online last month by a hacking group called Chaotic Eclipse, also known as Nightmare-Eclipse. Cybersecurity firm Huntress confirmed that they have seen hackers actively exploiting both of these bugs in the real world, along with a third flaw named BlueHammer.
At the same time, Microsoft quietly fixed a third, hidden danger in Defender version 1.1.26040.8. This bug, tracked as CVE-2026-45584, is an overflow-type memory corruption issue with a worrying severity rating of 8.1. If a hacker exploits it, they can remotely run malicious code on a target computer. Luckily, there is currently no evidence that hackers have found or used this specific bug yet.
The only good news is that if you have completely disabled Microsoft Defender on your computer, these specific bugs cannot hurt you. Furthermore, most users do not need to do anything manually because Microsoft Defender usually updates its own engine and protection files automatically in the background.
How to Double Check Your System Safety
Even though updates happen automatically, it is highly recommended that you manually double-check your system to make sure you have the latest, safe version of the software. You can easily do this through your standard Windows settings.
First, open the Windows Security app on your computer. In the side menu, click the option for virus and threat protection. From there, find the updates section and click the button to check for new updates. Once that finishes, go to the settings gear in the bottom corner and click the about section. Here, check the client version number and make sure it matches or exceeds the patched versions mentioned earlier.
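The same check can be scripted for administrators who need to verify many machines at once. The following PowerShell is an added example, not code from Microsoft or from this article; it assumes the 1.1.26040.8 number is the engine build (reported as AMEngineVersion) and 4.18.26040.7 is the platform build (reported as AMProductVersion), and uses the built-in Get-MpComputerStatus and Update-MpSignature cmdlets.

```powershell
# Added example (not Microsoft's code): compare the local Defender engine and
# platform builds against the patched versions named in the article.
# Assumption: 1.1.26040.8 = engine (AMEngineVersion), 4.18.26040.7 = platform (AMProductVersion).
$MinEngine   = [version]'1.1.26040.8'
$MinPlatform = [version]'4.18.26040.7'

function Test-DefenderPatched {
    $status = Get-MpComputerStatus

    if (-not $status.AntivirusEnabled) {
        # The article notes these bugs are unreachable when Defender is fully
        # disabled, but a disabled AV is its own risk, so report it plainly.
        return [pscustomobject]@{ State = 'DefenderDisabled'; Engine = $null; Platform = $null }
    }

    # [version] gives numeric, component-wise comparison (string compare would be wrong).
    $engine   = [version]$status.AMEngineVersion
    $platform = [version]$status.AMProductVersion
    $patched  = ($engine -ge $MinEngine) -and ($platform -ge $MinPlatform)
    $state    = if ($patched) { 'Patched' } else { 'NeedsUpdate' }

    [pscustomobject]@{ State = $state; Engine = $engine; Platform = $platform }
}

$result = Test-DefenderPatched
$result | Format-List

if ($result.State -eq 'NeedsUpdate') {
    # Request a definition update; engine updates ship with definitions.
    # Platform (4.18.x) updates arrive through Windows Update, so re-check afterwards.
    Update-MpSignature
    Test-DefenderPatched | Format-List
}
```

Run it in an elevated PowerShell session; a State of NeedsUpdate after the refresh means the platform update has not yet been delivered by Windows Update.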
Government Orders Urgent Action as Older Flaws Resurface
The situation is serious enough that the United States Cybersecurity and Infrastructure Security Agency, also known as CISA, has officially added both Defender bugs to its Known Exploited Vulnerabilities catalog. This means the government considers the threat verified and ongoing. The agency has ordered all federal civilian agencies to patch their systems, setting a strict deadline of June 3, 2026.
This makes a total of three major Microsoft bugs caught being abused by hackers in just one single week. Just days ago, tech experts found out that hackers were weaponizing a flaw in on-premise versions of Exchange Server to launch web-based attacks against corporate email systems.
To make matters worse, the government also added several ancient bugs to its emergency warning list this week. These include old security holes in Internet Explorer, DirectX, and the core Windows Server system dating all the way back to 2008, 2009, and 2010. Hackers are also still actively using an old Adobe Reader bug from 2009 to infect computers through corrupted PDF files. This proves that cybercriminals will use absolutely any tool available, whether it is a brand-new zero-day or a fifteen-year-old security gap, to break into vulnerable systems.
