CISA Adds Microsoft Defender Flaw to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has included CVE-2026-33825, a Microsoft Defender vulnerability related to insufficient access control, in its Known Exploited Vulnerabilities (KEV) Catalog. This flaw could enable an authorized attacker to escalate privileges locally on affected systems. CISA urges all organizations to prioritize the timely remediation of vulnerabilities listed in the KEV Catalog to reduce their exposure to cyberattacks.