Three Defender Zero-Days Under Active Exploitation, Two Remain Unpatched
Original source: Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched (The Hacker News)
Three zero-day vulnerabilities in Microsoft Defender are being actively exploited in the wild, with only one of the flaws currently addressed by a patch. The remaining two bugs leave defenders in the awkward position of running the very product meant to protect them while waiting for a fix.
Zero-days in endpoint security tooling are a particularly ugly class of exposure - the agent runs with high privileges across the fleet, and exploitation typically lands attackers in a position of deep trust before any detection logic has a chance to fire. Organisations relying on Defender as a primary control should treat this as a prompt to verify compensating detections, tighten EDR telemetry review, and prepare accelerated patch deployment windows the moment Microsoft ships the remaining fixes.
This is an AI-generated summary. Read the original for the full story.