:

MICROSOFT PATCHES DEFENDER ZERO-DAYS IN ACTIVE ATTACKS

SECURITY DESK1 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 4 SOURCES ▸ TIMELINE

Microsoft released security patches Wednesday for two Windows Defender vulnerabilities being actively exploited by attackers. The zero-day flaws pose immediate risk to unpatched systems.

Microsoft began deploying fixes for the two critical Defender vulnerabilities this week after confirming they were already under active exploitation. The timing suggests attackers discovered and weaponized the flaws before Microsoft's awareness, giving threat actors a window to target vulnerable systems. The company did not immediately disclose detailed technical specifications about the vulnerabilities or the scope of attacks. However, the decision to expedite patches indicates Microsoft assessed the threats as severe enough to warrant priority distribution. Zero-day exploits—attacks leveraging previously unknown security flaws—are particularly dangerous because defenders have no advance notice to develop protections. Windows Defender's central role in system security makes vulnerabilities in the software especially valuable to threat actors. Organizations running affected Defender versions should apply patches immediately through Windows Update or Microsoft's security portal. Users can check their system settings to verify automatic updates are enabled. This incident underscores ongoing pressure on Microsoft to maintain security across its sprawling software ecosystem. Defender vulnerabilities are particularly sensitive given their privileged system access and widespread deployment across consumer and enterprise environments. Microsoft has not attributed the attacks to specific threat groups or disclosed affected customer counts. The company typically provides more details in security advisories published on its website. Users who cannot immediately patch should consider implementing additional defensive measures, including disabling unnecessary features, restricting administrative access, and monitoring for suspicious system activity.

■ SOURCES

TechCrunchBleeping ComputerBleeping ComputerBleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Surveillance technology company Flock Safety did not issue a cease-and-desist letter to The Saturday Salon, a Newport Beach lecture series, despite claims posted on Instagram Thursday. The incident reignites debate over the company's practices and relationship with law enforcement.

JUST NOWSecurity Desk

The US Cybersecurity and Infrastructure Security Agency revealed it lacked a prepared incident response plan during a recent security event, forcing it to develop procedures in real time.

JUST NOWSecurity Desk

Research reveals that terrorist group Boko Haram is leveraging advanced AI technologies to enhance operational capabilities. A new report documents how the organization has integrated frontier AI systems into recruitment, planning, and execution efforts.

3H AGOAI Desk

Researchers have discovered six vulnerabilities in U-Boot, a bootloader used across millions of devices, that could allow attackers to execute malicious code during device startup. The flaws could enable persistent malware installation while bypassing security protections.

3H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.