Security News > 2021 > January > Microsoft patches Defender antivirus zero-day exploited in the wild
Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released.
"Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products," Microsoft says.
"In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine," Microsoft says.
Microsoft Defender keeps both the Malware Protection Engine and malware definitions automatically up to date for both enterprise deployments as well as end-users.
Usually, Microsoft Malware Protection Engine updates are released once a month or when needed to protect against newly discovered threats while malware definitions are updated three times per day.
Microsoft has not yet released an official patch for a zero-day privilege escalation vulnerability in the Microsoft PSExec utility.
News URL
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)