Serial number: AV26-489
Date: May 20, 2026
On May 18 and 19, 2026, Microsoft published security advisories to address vulnerabilities, including some critical ones, in the following products:
- Microsoft Azure Local
- Microsoft Azure Resource Manager
- Microsoft Azure Portal Windows Admin Center
- Microsoft Bitlocker
- Microsoft Malware Protection Engine – versions prior to 1.1.26040.8
- Microsoft Defender – versions prior to 4.18.26040.7
On May 20, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-41091 and CVE-2026-45498 to their Known Exploited Vulnerabilities (KEV) Database.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates, when available.