< ciso
brief />
Tag Banner

All news with #microsoft tag

836 articles · page 13 of 42

Microsoft: April update causes domain controller loops

⚠️After installing the April 2026 Windows security update (KB5082063), some non‑Global Catalog domain controllers configured with Privileged Access Management (PAM) may experience Local Security Authority Subsystem Service (LSASS) crashes during startup. Affected servers can enter repeated reboot loops, disrupting authentication and directory services and potentially rendering domains unavailable. Microsoft is investigating and advises administrators to contact Microsoft Support for Business for mitigation options until a permanent fix is released.
read more →

New Microsoft Defender 'RedSun' zero-day grants SYSTEM

⚠️ A proof-of-concept for a second Microsoft Defender zero-day, dubbed RedSun, was published by researcher 'Chaotic Eclipse', demonstrating a local privilege escalation that grants SYSTEM privileges on patched Windows 10, Windows 11, and supported Windows Server releases when Defender is enabled. The PoC exploits Defender's handling of cloud-tagged files via the Cloud Files API to overwrite system binaries and achieve code execution as SYSTEM. Security analyst Will Dormann of Tharros confirmed the exploit works; some antivirus products detect elements of the PoC due to an embedded EICAR test file. The researcher says the publication was a protest over interactions with the Microsoft Security Response Center.
read more →

Building a Cryptographic Inventory for Quantum Readiness

🔐 Post-quantum cryptography is imminent, and Microsoft emphasizes that the biggest challenge is locating every use of cryptography across applications, devices, networks, and services. Building a comprehensive, ongoing cryptographic inventory enables risk-based decisions, crypto agility, and regulatory compliance. The article outlines a practical Cryptography Posture Management lifecycle and recommends Microsoft tools—GitHub Advanced Security, Defender suites, Azure Key Vault—and partner integrations to discover, normalize, assess, prioritize, and remediate cryptographic risks.
read more →

ThreatsDay: Defender 0-Day, Excel RCE and Supply Chain Risks

🛡️ This week's bulletin highlights both legacy and emerging threats, including a published Microsoft Defender privilege escalation exploit (RedSun) and a 17‑year‑old Excel RCE (CVE‑2009‑0238) newly added to CISA's KEV. Incidents range from a Zerion hot-wallet compromise (~$100K stolen through AI‑enabled social engineering) to a fake macOS Ledger app that drained about $9.5M. Researchers also disclosed novel C2 frameworks, a WordPress plugin supply-chain backdoor affecting 180k+ installs, and a surge in SonicWall/FortiGate brute-force probing. The collection underscores the need to patch promptly, validate app-store integrity, rotate credentials, and audit third-party dependencies.
read more →

Windows Recall Still Permits Silent Data Extraction

🛡️ A security researcher says Microsoft’s Windows Recall feature remains vulnerable to quiet exfiltration of everything it captures by malware running in the same user context. Alexander Hagenah published a proof-of-concept called TotalRecall Reloaded and disclosed the issue to Microsoft on March 6; Microsoft reviewed and closed the report April 3, calling the behavior "by design." Hagenah says the gap lies not in encryption but in how decrypted screenshots and text are handled and displayed in an unprotected process, allowing same-user code to read Recall data without admin rights or kernel exploits.
read more →

Phishing Paradox: Trusted Brands as Attack Vectors

📧 In Q1 2026, Check Point Research found Microsoft was the most impersonated brand in phishing campaigns, accounting for 22% of brand impersonation attempts. Apple (11%), Google (9%), Amazon (7%) and LinkedIn (6%) followed, reflecting attackers’ focus on both enterprise and consumer ecosystems tied to identity, devices and payments. The report underscores a persistent trend: threat actors exploit trusted brands to harvest credentials and gain initial access to personal and corporate environments.
read more →

April update may fail to install on Windows Server 2025

⚠️ Microsoft is investigating reports that the April KB5082063 cumulative security update fails to install on some Windows Server 2025 systems, with affected devices returning 0x800F0983 installation errors. The company says it is monitoring diagnostic telemetry and observed recurring failures after the April 14, 2026 release. A limited number of servers may also boot into BitLocker recovery and request recovery keys, a condition Microsoft says typically affects enterprise-managed configurations. Microsoft is continuing its investigation and will share additional details as they become available.
read more →

Microsoft Pays $2.3M for Cloud and AI Flaws at Zero Day Quest

🛡️ Microsoft awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest, compensating teams for high‑impact cloud and AI vulnerabilities uncovered at the live event. Participants from more than 20 countries tested within authorized environments under Microsoft’s Rules of Engagement and demonstrated issues such as credential exposure, SSRF chains, and cross‑tenant access without accessing customer data. The contest is part of the Secure Future Initiative, and Microsoft said findings will be shared through the CVE program to strengthen cloud and AI security.
read more →

CISA Flags Exploited Windows Task Host Vulnerability

⚠️ CISA warned federal agencies that a Windows Task Host privilege escalation flaw, tracked as CVE-2025-60710, is being treated as actively exploited and must be patched. The issue affects Windows 11 and Windows Server 2025 and arises from a link-following weakness in the Task Host that lets a local user with basic permissions elevate to SYSTEM. Agencies were given two weeks under BOD 22-01 to remediate; CISA urges all organizations to apply the patch or vendor mitigations immediately.
read more →

April Patch Tuesday: Critical Flaws in SAP, Adobe, Microsoft

🔒 April's Patch Tuesday addresses critical vulnerabilities across major vendors. Patches fix a near-critical SQL injection in SAP (CVE-2026-27681) that enables arbitrary database commands, an actively exploited RCE in Adobe Acrobat Reader (CVE-2026-34621), and numerous high-severity Microsoft, Fortinet, and ColdFusion issues. FortiSandbox fixes close authentication-bypass and command-injection holes, while Adobe's ColdFusion updates remediate multiple code execution and path-traversal flaws. Organizations should prioritize vendor updates and apply mitigations where immediate patching is not possible.
read more →

Some Windows Servers Require BitLocker Key After Apr Update

🔐 Microsoft confirmed that some Windows Server 2025 devices may boot into BitLocker recovery after installing the April 2026 security update KB5082063. The issue affects very specific enterprise configurations where a Group Policy or registry setting includes PCR7 in the TPM platform validation profile while System Information reports Secure Boot State PCR7 Binding as 'Not Possible' and the Windows UEFI CA 2023 certificate is present but the 2023-signed Boot Manager is not yet running. Microsoft says the recovery key entry is required only once and has published workarounds: remove the Group Policy before deployment or apply a Known Issue Rollback (KIR) to prevent triggering BitLocker recovery.
read more →

Microsoft fixes bug causing Windows Server 2025 upgrades

🛠️ Microsoft has fixed a known issue that caused systems running Windows Server 2019 and 2022 to unexpectedly upgrade to Windows Server 2025. The problem was first acknowledged in September 2024 after widespread reports from administrators, and Microsoft says it has re-enabled the in-place upgrade offer via the Settings app. Microsoft previously cited third-party update management configuration, while some vendors said the root cause was a procedural error on Microsoft's side.
read more →

Microsoft April Patch Fixes Two Zero-Day Vulnerabilities

🔒 Microsoft released its April Patch Tuesday update addressing an unusually large set of CVEs, including two zero-day flaws. CVE-2026-32201 is being actively exploited and is a SharePoint server spoofing vulnerability that can manipulate how information is presented to users. The second, CVE-2026-33825, is a publicly disclosed elevation-of-privilege bug in Microsoft Defender that could allow system-level access if chained with other exploits. Administrators are urged to prioritise these fixes and also review a high-risk IKEv2 remote code execution issue rated CVSS 9.8.
read more →

Microsoft Patches SharePoint Zero-Day, 168 Other Flaws

🛡️ Microsoft released updates addressing 169 vulnerabilities across its product portfolio, including an actively exploited SharePoint spoofing flaw (CVE-2026-32201) and 168 additional issues rated from Low to Critical. The fixes primarily remediate privilege escalation, information disclosure, and remote code execution weaknesses, and include a high-severity IKEv2 RCE (CVE-2026-33824, CVSS 9.8) and a publicly known Microsoft Defender privilege escalation (CVE-2026-33825). Organizations are urged to prioritize patches for actively exploited CVEs and critical RCEs and to follow Microsoft and CISA guidance for mitigations.
read more →

April Patch Tuesday: Windows, SharePoint, SAP Fixes

🔒 Microsoft’s April Patch Tuesday addresses 167 vulnerabilities, including an actively exploited SharePoint Server zero-day and a critical Windows IKE remote code execution bug. Administrators should prioritize CVE-2026-32201 in SharePoint and the 9.8-rated CVE-2026-33824 in the Windows IKE service. Temporary mitigations—blocking UDP ports 500/4500 or restricting traffic to known peers—reduce risk but do not replace patching. Teams must also apply critical SAP fixes and validate Microsoft Defender and Active Directory protections.
read more →

Microsoft Adds Protections for Malicious RDP Files Now

🔒 Microsoft has added new protections in the April 2026 cumulative updates to help block malicious Remote Desktop (.rdp) files commonly used in phishing campaigns. After the update users see a one-time educational prompt and, on subsequent opens, a security dialog that lists local resource redirections with every option disabled by default. Unsigned files receive a 'Caution: Unknown remote connection' warning and unknown publisher label. Administrators can temporarily disable the dialog via a registry policy but Microsoft advises keeping the protections enabled.
read more →

Microsoft Patch Tuesday April 2026: 167 Vulnerabilities Fixed

🔒 Microsoft released its April 2026 Patch Tuesday updates addressing 167 security flaws across Windows and related products, including a SharePoint Server zero-day (CVE-2026-32201) and a publicly disclosed Windows Defender privilege escalation dubbed BlueHammer. Google Chrome and Adobe issued emergency fixes for actively exploited zero-days. Administrators should prioritize patches for SharePoint, SQL Server, and Defender and restart browsers to ensure Chromium-based updates are applied.
read more →

Microsoft April 2026 Patch Tuesday: 165 Vulnerabilities

🔒 Microsoft released its April 2026 Patch Tuesday addressing 165 vulnerabilities across Windows, Office, .NET and server components, including eight rated critical. Critical issues include a .NET DoS (CVE-2026-23666), Remote Desktop and Office use-after-free flaws that can lead to code execution (CVE-2026-32157, CVE-2026-32190), multiple Word local code-execution bugs (CVE-2026-33114, CVE-2026-33115), and an IKEv2 double-free enabling remote code execution (CVE-2026-33824). Talos notes SharePoint vulnerability CVE-2026-32201 is being exploited in the wild and has released Snort rules; administrators should prioritize exposed services and apply mitigations such as blocking UDP 500/4500 if IKE is unused.
read more →

Microsoft Issues Windows 10 KB5082200 Extended ESU

🔒 Microsoft has released the Windows 10 KB5082200 extended security update to address the April 2026 Patch Tuesday fixes, including two zero-day vulnerabilities. After installation, Windows 10 is updated to build 19045.7184 and Windows 10 Enterprise LTSC 2021 to build 19044.7184. The update adds Remote Desktop (.rdp) phishing protections, introduces dynamic Secure Boot status indicators in Windows Security, and fixes BitLocker recovery issues on certain Intel Connected Standby devices. Devices enrolled in ESU or running Enterprise LTSC can install via Windows Update.
read more →

Windows 11 April 2026 Cumulative Updates Released KBs

🛡️ Microsoft has released cumulative updates KB5083769 (25H2/24H2) and KB5082052 (23H2) for Windows 11 as part of the April 2026 Patch Tuesday. These mandatory updates deliver security fixes, bug repairs, and several feature refinements, including the ability to toggle Smart App Control without a clean install and richer Narrator image descriptions on Copilot-enabled systems. After installation, affected builds update to 26200.8246 / 26100.8246 (25H2/24H2) and 22631.6936 (23H2). Install through Settings > Windows Update or the Microsoft Update Catalog.
read more →