Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched. This indicates ongoing cyber operations targeting a critical system component with available exploitation code and limited defensive patching options.