20 May 2026
Reference: CVE-2026-41091
1. What is being reported?
Microsoft Defender incorrectly handles links before opening files, which can let someone who already has limited access to a device gain higher privileges. With those privileges they could potentially do more damage, or access sensitive information they should not be able to reach.
2. What this means in plain English
If an attacker already has some access to your computer, they might use this flaw to take over more of your system. For a small organisation, this could lead to data breaches, disruption of services, or loss of control over important files.
3. Could this affect a small business?
Any small business or charity using Microsoft Defender on their computers could be affected, especially if devices are shared or not tightly controlled. Organisations not using Microsoft Defender or those with strong access controls may be less at risk, but it is best to check.
4. What to do now
- Contact your IT provider immediately to confirm if your Microsoft Defender software is affected.
- Apply any security updates or mitigations recommended by Microsoft as soon as possible.
- Review who has access to your computers and limit privileges to only those necessary.
- If no fix is available, consider disabling Microsoft Defender temporarily or using alternative protection until the issue is resolved.
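The first three steps above, as read-only checks an IT provider could run in an elevated PowerShell session on each Windows device (an added example, not part of the original advisory and not Microsoft's own script). The fixed version and the Defender component that carries it are not stated on this page, so both are parameters to fill in from Microsoft's advisory for CVE-2026-41091.

```powershell
# Added example: read-only checks, nothing is changed on the device.
# Assumptions: the fixed version and the component it applies to are NOT on this
# page; take both from Microsoft's advisory and pass them in as parameters.
param(
    [string]$FixedVersion = '',                 # placeholder: version from Microsoft's advisory
    [ValidateSet('AMProductVersion', 'AMEngineVersion')]
    [string]$Component = 'AMProductVersion'     # assumption: component named in the advisory
)

$status = Get-MpComputerStatus

# 1. Report what is installed and whether protection is actually running.
$status | Select-Object AMServiceEnabled, RealTimeProtectionEnabled,
    AMProductVersion, AMEngineVersion, AntivirusSignatureVersion,
    AntivirusSignatureLastUpdated | Format-List

# 2. Compare the installed version with the fixed version, if one was supplied.
if ($FixedVersion) {
    $installed = [version]$status.$Component
    if ($installed -ge [version]$FixedVersion) {
        Write-Output "$Component $installed is at or above $FixedVersion."
    } else {
        Write-Warning "$Component $installed is below $FixedVersion. Update Defender."
    }
} else {
    Write-Warning 'No fixed version supplied; compare the versions above with the advisory by hand.'
}

# 3. List who holds local administrator rights on this device.
#    S-1-5-32-544 is the well-known SID of the built-in Administrators group,
#    used so the check also works on non-English Windows installations.
Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Select-Object Name, ObjectClass, PrincipalSource |
    Format-Table -AutoSize
```

Any account in the administrator list that does not need to be there is a candidate for removal under the third step.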
5. Ask your IT provider
Can you confirm if our Microsoft Defender installation is vulnerable to CVE-2026-41091 and what steps are being taken to protect us?
6. Bottom line
Act quickly to ensure your Microsoft Defender protection is updated or mitigated to prevent attackers from gaining greater control of your systems.
Information based on CISA KEV, NVD, and reputable security reporting.