Windows Hardens Security As KEV Flags Exploited CVEs; OT Risks Rise

Microsoft moved to harden the Windows ecosystem with smartphone-style permission prompts and a new integrity-focused baseline in Windows 11. In parallel, CISA KEV added six actively exploited Microsoft CVEs, sharpening patch urgency across desktops and servers. The day also brought fresh pressure on industrial environments through new ICS advisories, alongside confirmed breaches tied to management-plane exploits in European public-sector networks.

Windows advances and patch priorities

Microsoft is introducing mobile-style consent prompts for sensitive resources and a Windows Baseline Security Mode that enforces runtime integrity so only properly signed apps, services, and drivers run. The company says users and administrators can still allow specific trusted applications, and the rollout will be phased with input from developers and enterprises. These controls align with the vendor’s broader Secure Future Initiative, which also included steps like hardening sign-ins and disabling legacy components in Microsoft 365 and Office apps. The aim is to counter apps that override settings or install unwanted software without clear consent while increasing transparency around AI agents’ behavior.

The six newly listed flaws in CISA KEV — CVE‑2026‑21510, CVE‑2026‑21513, CVE‑2026‑21514, CVE‑2026‑21519, CVE‑2026‑21525, and CVE‑2026‑21533 — span Windows Shell and MSHTML security feature bypasses, Office mitigation bypasses, a Desktop Window Manager elevation of privilege, a Remote Desktop Services elevation of privilege, and a Remote Access Connection Manager denial of service. Under BOD 22‑01, federal agencies must remediate KEV-listed issues by due dates; CISA urges all organizations to prioritize the same vulnerabilities in routine patch workflows.

For environments still on Windows 10 ESU or Enterprise LTSC, Microsoft released the February rollup as KB5075912, moving systems to build 19045.6937 (19044.6937 for LTSC 2021). The update includes fixes for 58 vulnerabilities and six zero‑days, resolves shutdown/hibernation failures tied to Secure Launch/VSM, corrects folder renaming and desktop.ini display issues, and improves graphics stability on certain GPUs. Microsoft also continues a phased refresh of expiring Secure Boot certificates — a prerequisite for maintaining boot integrity and preventing bypasses — with targeting telemetry designed to limit risk during deployment.

Beyond Microsoft, remote‑access and IT service platforms drew urgent attention. CSOonline reports that BeyondTrust patched CVE‑2026‑1731 (CVSS 9.9), an unauthenticated RCE affecting certain self‑hosted Remote Support and Privileged Remote Access versions; on‑premises instances require immediate updates and, where necessary, upgrades to supported releases before patching. Separately, attackers are actively chaining deserialization RCE and authentication bypass bugs in SolarWinds Web Help Desk; CSOonline notes all WHD versions prior to 12.8.7 HF1 are vulnerable, with recommended upgrades to WHD 2026.1, credential resets, network isolation, and investigations for Velociraptor/Cloudflared/Zoho Assist artifacts seen in intrusions.

Industrial systems: remotely exploitable and widely deployed

CISA ICS detailed two critical flaws (CVE‑2026‑25084, CVE‑2026‑24789; CVSS 9.8) in ZLAN5143D v1.600 from ZLAN Information Technology that allow authentication bypass and remote password resets via unprotected functions. The vendor did not respond to coordination efforts, and no patch is referenced. CISA recommends minimizing exposure of control devices, segmenting OT networks from business systems, avoiding Internet access, using up‑to‑date VPNs for remote connections, and applying comprehensive monitoring while awaiting vendor updates.

A second CISA ICS advisory aggregates 14 CVEs affecting Yokogawa’s FAST/TOOLS SCADA platform (versions ≥R9.01 and ≤R10.04), including issues such as verbose error messages, CSRF, weak crypto and legacy SSL/TLS, missing HSTS, insecure headers enabling redirection, and path traversal. Yokogawa recommends upgrading to revision R10.04, applying patch CS_e12787, then installing R10.04 SP3, alongside standard hardening and zoning practices. CISA reiterates isolation of control networks, elimination of Internet exposure, secure remote access, and risk‑informed change management. Why it matters: both advisories involve remotely exploitable weaknesses in products used across critical sectors, where a single exposed edge or misconfiguration can enable broad operational impact.

Management planes targeted: confirmed public‑sector impacts

European institutions and national bodies disclosed breaches linked to recently disclosed Ivanti EPMM zero‑days (CVE‑2026‑1281, CVE‑2026‑1340; both CVSS 9.8). As reported by Infosecurity, the European Commission, Finland’s Valtori, and Dutch agencies including the Council for the Judiciary and the Data Protection Authority said attackers accessed administrative and personnel details such as names, business emails, telephone numbers, and device metadata. Ivanti published fixes; organizations emphasized containment and notifications while cautioning that management‑plane access can enable configuration tampering, certificate abuse, and credential harvesting.

In a separate operations‑focused case, a December 2025 OT/ICS incident in Poland disrupted visibility and control at multiple energy‑sector facilities. A CISA alert summarizing CERT Polska’s report describes initial access via vulnerable Internet‑facing edge devices followed by wiper malware that destroyed HMI data, corrupted firmware, and physically damaged RTUs. Recurring weaknesses included end‑of‑support edge devices, lack of firmware verification, and default credentials. Recommended mitigations include replacing or isolating unsupported devices, enabling and validating firmware verification, enforcing credential changes (including by integrators), improving segmentation and monitoring, maintaining accurate OT inventories, and updating incident‑response playbooks to account for potentially inoperative assets.

AI systems: manipulation risks and unsafe defaults

The Microsoft Defender Security Research Team documented a trend it calls AI Recommendation Poisoning, where actors plant hidden persistence instructions in pre‑filled AI links and “Summarize with AI” prompts to bias assistants’ memories and future outputs. Over 60 days, researchers found more than 50 distinct prompts from 31 companies across 14 industries attempting to make assistants remember or recommend specific brands. Vectors include one‑click URLs that auto‑populate prompts, embedded instructions in content processed by AI, and social engineering. Suggested defenses span user hygiene (inspecting AI links, reviewing/clearing memory, using official interfaces) and enterprise hunts using email, proxy, and browser telemetry, alongside layered mitigations in assistant services.

Separately, Kaspersky assessed the viral open‑source agent OpenClaw as unsafe for general use, citing default trust assumptions and rapid plugin sprawl that expose users to secret theft and remote code execution. The review notes nearly a thousand publicly reachable instances with no authentication and an audit tally of 512 vulnerabilities, eight critical. The team highlights prompt‑injection risks and malicious skill plugins that act as credential stealers, amplified by misconfigured reverse proxies that treat remote attackers as local clients. Recommended mitigations — strict isolation, allowlist‑only ports, burner accounts, injection‑aware LLM choices, and regular deep audits — are operationally heavy, leading to the conclusion that it should be limited to expert experimentation for now. Details are in Kaspersky.

New research summarized by CSOonline shows a fine‑tuning method dubbed GRP‑Obliteration can undo safety alignment across multiple model families using a single training example. Experiments on 15 language models and a safety‑tuned diffusion model yielded broad increases in harmful outputs and reorganized internal refusal‑related subspaces. The findings reinforce that alignment can degrade during customization and point to governance measures such as continuous safety testing during fine‑tuning, layered safeguards, model certification, and security team oversight.