Tag: microsoft
-
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
A researcher known as “Chaotic Eclipse” has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed “RedSun,” in the past two weeks, protesting how the company works with cybersecurity researchers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
-
April Windows Server 2025 update may fail to install
Microsoft is investigating an issue causing this month’s KB5082063 security update to fail to install on some Windows Server 2025 systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-2025-update-may-fail-to-install/
-
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/privilege-elevation-dominates-microsoft-patch-update
-
Microsoft ends desktop detour for sensitivity labels in Office web apps
Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/15/microsoft-office-sensitivity-labels-permissions/
-
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-protections-for-malicious-remote-desktop-files/
-
Microsoft drops its second-largest monthly batch of defects on record
The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-april-2026/
-
Microsoft’s massive Patch Tuesday: It’s raining bugs
One CVE under attack, one already disclosed by angry bug hunter, and 163 more First seen on theregister.com Jump to article: www.theregister.com/2026/04/14/microsofts_massive_patch_tuesday/
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Microsoft Discloses ‘Monstrous’ Number Of Bugs As AI Discoveries Surge: Researcher
The unusually large number of CVEs (Common Vulnerabilities and Exposures) disclosed by Microsoft Tuesday is “likely” to be linked to AI-related developments, including the increasing discoveries of vulnerabilities using LLM-powered tools, according to a TrendAI researcher. First seen on crn.com Jump to article: www.crn.com/news/security/2026/microsoft-discloses-monstrous-number-of-bugs-as-ai-discoveries-surge-researcher
-
Microsoft Patch Tuesday for April 2026 – Snort Rule and Prominent Vulnerabilities
Overview of patch tuesday release from Microsoft for April 2026. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/microsoft-patch-tuesday-april-2026/
-
Microsoft releases Windows 10 KB5082200 extended security update
Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5082200-extended-security-update/
-
Windows 11 cumulative updates KB5083769 & KB5082052 released
Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-cumulative-updates-kb5083769-and-kb5082052-released/
-
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
Today is Microsoft’s April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/
-
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-fast-track-to-reinstate-windows-hardware-dev-accounts/
-
Martin Baron ist neuer Channel-Manager bei Coreview
Tags: microsoftMartin Baron ist neuer Channel Account Manager für DACH und Osteuropa bei Coreview, Spezialist für den Schutz und das Management von Microsoft-365-Tenants. Sein Schwerpunkt liegt dabei auf der Entwicklung und Umsetzung der Partnerstrategie und dem Ausbau des Partner-Ökosystems. Nach Lukas Haas und Nurschan Bisenov als Enterprise Account Executives ist Baron somit die dritte Verstärkung des…
-
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend
Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/davmail-6-6-0-released/
-
CISA Alerts on Exploited Microsoft Exchange and Windows CLFS Security Flaws
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding two actively exploited security vulnerabilities in Microsoft products. Added to the Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026, these flaws impact the Microsoft Windows Common Log File System (CLFS) and Microsoft Exchange Server. Federal agencies and private organizations are strongly…
-
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
Tags: adobe, apple, cisa, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week,…
-
Windows 11: Microsoft testet freie Datumswahl für Updates
Microsoft testet unter Windows 11 eine Kalender-Auswahl für Update-Pausen. Ab Mai 2026 soll zudem Hotpatching störende Neustarts minimieren. First seen on golem.de Jump to article: www.golem.de/news/windows-11-microsoft-testet-freie-datumswahl-fuer-updates-2604-207525.html
-
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Tags: adobe, cisa, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, injection, microsoft, software, sql, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The list of vulnerabilities is as follows -CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to First seen on thehackernews.com…
-
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
One was patched almost 14 years ago First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/ransomware_gang_other_crims_attacking/
-
Claude Mythos Could Flood Vendors With Fixes They Deferred
Ex-Microsoft CIO: Mythos Could Surface Known Flaws Faster Than Vendors Can Fix Them. Former Microsoft CIO Jim DuBois and IDC’s Frank Dickson say Claude Mythos Preview could rapidly surface long-known but unfixed software flaws at scale, forcing vendors and enterprises to strengthen patch validation, orchestration and deployment before attackers exploit the backlog. First seen on…
-
Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mailbox-rule-abuse-stealthy-post/
-
Kein Fix erwartet: Uhr auf Windows-Sperrbildschirm geht absichtlich nach
Die Uhrzeit auf dem Lockscreen von Windows aktualisiert sich teilweise verzögert. Microsoft will daran nichts ändern. Das Verhalten sei beabsichtigt. First seen on golem.de Jump to article: www.golem.de/news/kein-fix-erwartet-uhr-auf-windows-sperrbildschirm-geht-absichtlich-nach-2604-207497.html
-
NHS pays £46K to prep next Microsoft licensing round
Benchmarking contract lays groundwork for renegotiating £774M software agreement First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/nhs_benchmarking_microsoft/
-
ADN CSP-Thementage 2026: Ein Juni voller Impulse für das Microsoft-Ökosystem
Tags: microsoftFünf Dienstage, fünf Schwerpunkte und ein klares Ziel: Microsoft-Partner fit für die nächste Evolutionsstufe ihres CSP-Geschäfts zu machen. Kostenlose Teilnahme. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/adn-csp-thementage-2026-ein-juni-voller-impulse-fuer-das-microsoft-oekosystem/a44559/
-
Microsoft’s Copilot strategy is just more user abuse from Redmond, says Mozilla
Firefox maker warns old web tactics are now shaping AI at the expense of user choice First seen on theregister.com Jump to article: www.theregister.com/2026/04/10/mozilla_microsofts_copilot_strategy/
-
Third-Party Android Vulnerability Leaves Over 50M Users Exposed
A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data. The post Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-engagelab-sdk-android-vulnerability-malware-bridge/