CISA Adds Microsoft and Adobe Vulnerabilities to Known Exploited Vulnerabilities Catalog
- May 21
- 2 min read
Key Findings
CISA added seven vulnerabilities to its Known Exploited Vulnerabilities catalog, including Microsoft Defender flaws currently under active exploitation
Two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498) are being actively exploited in the wild
CVE-2026-41091 allows attackers to escalate privileges to SYSTEM level with a CVSS score of 7.8
Five additional legacy vulnerabilities from 2008-2010 were added to the catalog, affecting Windows, Internet Explorer, DirectX, and Adobe Reader
Federal agencies must remediate all identified vulnerabilities by June 3, 2026 under Binding Operational Directive 22-01
Background
The U.S. Cybersecurity and Infrastructure Security Agency maintains a Known Exploited Vulnerabilities catalog to track security flaws that are actively being weaponized by threat actors. Inclusion on this list triggers mandatory remediation timelines for federal agencies. Private organizations are also strongly encouraged to address these vulnerabilities in their infrastructure.
Active Microsoft Defender Exploits
Microsoft disclosed two Defender vulnerabilities currently under active exploitation. CVE-2026-41091 is a privilege escalation flaw exploiting improper link resolution that allows attackers to gain SYSTEM-level privileges on affected systems. The second flaw, CVE-2026-45498, is a denial-of-service vulnerability that can make Defender unavailable or unresponsive, degrading Windows security protections. Microsoft has released patches through Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7. Systems with Defender disabled are not vulnerable to these flaws.
Legacy Windows and Internet Explorer Vulnerabilities
Four older vulnerabilities spanning 2008 to 2010 were added to the catalog. CVE-2008-4250 is a critical buffer overflow in Windows Server Service with a CVSS score of 9.8 that allows remote code execution via crafted RPC requests. It affects Windows XP, Server 2003, Vista, and Server 2008. Two Internet Explorer use-after-free vulnerabilities (CVE-2010-0249 and CVE-2010-0806) enable remote code execution through malicious web content, with CVE-2010-0806 having been exploited as a zero-day by the APT group GREF. CVE-2009-1537 is a DirectX NULL byte overwrite vulnerability affecting multiple Windows versions that can trigger code execution through specially crafted QuickTime files.
Adobe Reader Vulnerability
CVE-2009-3459 is a critical heap-based buffer overflow in Adobe Acrobat and Reader with a CVSS v2 score of 9.3. Attackers can exploit this flaw by distributing specially crafted PDF files that trigger memory corruption and allow arbitrary code execution when opened by users.
Federal Compliance Requirements
Under Binding Operational Directive 22-01, all Federal Civilian Executive Branch agencies must address these vulnerabilities by June 3, 2026. The directive establishes mandatory remediation timelines to protect government networks from exploitation. Private sector organizations should similarly prioritize addressing these flaws in their infrastructure.
Sources
https://securityaffairs.com/192508/security/u-s-cisa-adds-microsoft-and-adobe-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html
https://www.facebook.com/windowsforums/posts/cisa-just-updated-its-known-exploited-vulnerabilities-catalog-with-seven-more-ac/1311738321047540
https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog

Comments