Risk events that matter to specialty insurance
AI-powered event intelligence with automated detection, classification, and transparent review status
Monitoring · Impact: Medium · AI Generated

Microsoft Defender Zero-Day Vulnerabilities Exploited in Active Attacks

🇺🇸 Microsoft headquarters, Redmond, Washington, USA (global software impact), US · First detected: 21 May 2026, 09:08 · Updated: 2d ago · 1 report
Cyber
Property · Cyber · Casualty & Liability
No analyst brief has been published for this event.
No ground report has been published for this event.

Impact Assessment Rationale

MEDIUM: Second-pass historical recalibration. This cyber advisory or vulnerability item is relevant to Cyber and technology-dependent Property/Casualty books, but it does not evidence confirmed insured loss, claims activity, ransomware/business interruption, critical infrastructure outage, or quantified market impact sufficient for HIGH.

Geographic Zone Matches

1 active match

  • TRIA Certified Areas
    Rule-based · Confidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Summary

Microsoft has begun rolling out security patches for two zero-day vulnerabilities in Microsoft Defender that have been actively exploited in attacks. The vulnerabilities were being leveraged in real-world attacks prior to patch availability. The disclosure follows Microsoft's standard Patch Tuesday cycle and highlights ongoing risks from unpatched endpoint security software. The limited article content constrains full assessment of attacker attribution, targeting scope, or downstream impact.

This summary is AI-generated from linked source reports and may change as more information becomes available. See our correction policy for how to report errors.

Structured Intelligence

known

  • Microsoft confirmed two zero-day vulnerabilities exist in Microsoft Defender
  • Security patches were released on or around 2026-05-20 (Wednesday)
  • Both vulnerabilities have been actively exploited in attacks prior to patching

reported

  • The vulnerabilities were exploited in targeted attacks, though the scope and scale of victims are not detailed in the available content

uncertain

  • Attribution of the attacks (state-sponsored, criminal, or other threat actor) is unknown
  • The nature of the vulnerabilities (privilege escalation, remote code execution, etc.) is not specified in the truncated content
  • Whether critical infrastructure or specific sectors were targeted is unknown
  • Geographic scope of the attacks is unclear

Affected Countries

🇺🇸 United States

Key Entities

Microsoft · Microsoft Defender

Sources

Trade Media

Timeline

Status Change · 29 May 2026, 05:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

Status Change · 29 May 2026, 05:30

Lifecycle changed

active → monitoring

Status Change · 28 May 2026, 22:36

Status changed to active

remediation: existing authoritative signal

Status Change · 28 May 2026, 22:36

Lifecycle changed

signal → active

Initial Detection · 21 May 2026, 09:08

Initial Detection

Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks.

Source: BleepingComputer (Trade Media)