< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 3 of 42

Microsoft fixes Windows Server 2016 update failures

🔧 Microsoft resolved a known issue that caused the June 2026 security update (KB5094122) to fail on Windows Server 2016 systems that were missing the prior month's KB5087537 update. Administrators had reported 0x80070002 or FILE_NOT_FOUND errors during installation. Microsoft confirmed the installation issue is fixed and affected devices should no longer experience failures deploying the June 2026 update. This follows several recent fixes for update- and boot-related problems across Windows releases.
read more →

Advancing Enterprise Security with AI-Driven Scanning

🛡️ Microsoft Security describes codename MDASH, a multi-model agentic scanning system built to discover, validate, and help remediate software vulnerabilities at enterprise scale. The system orchestrates specialized AI agents in a structured pipeline and integrates findings into Microsoft Defender, GitHub, and Azure DevOps workflows so issues become actionable engineering work. Early use across Windows, Azure, and identity teams uncovered numerous high-severity vulnerabilities before exploitation and helped raise CyberGym benchmark performance to 96.5%. The post reviews deployment lessons, failure modes, and planned improvements like fuzzing integration and broader artifact support.
read more →

Microsoft named Leader in Forrester XDR Wave 2026

🛡️ Microsoft has been named a Leader in The Forrester Wave™: Extended Detection and Response Platforms, Q2 2026, earning the top Strategy and Vision scores. The report highlights Microsoft Defender and Microsoft Threat Intelligence for high marks across identity detection, cloud detection, SIEM replacement, threat hunting, and more. Microsoft emphasizes an XDR foundation that unifies signals across identities, endpoints, email, SaaS, and cloud workloads to enable coordinated, AI-assisted attack disruption and faster SOC operations.
read more →

Microsoft Confirms RoguePlanet Defender Zero-Day

🛡️ Microsoft disclosed it is preparing a patch for a Defender zero-day tracked as RoguePlanet, now identified as CVE-2026-50656 with a CVSS score of 7.8. The company classifies the issue as a privilege escalation in the Microsoft Malware Protection Engine and says it is working on a quality security update. The exploit was publicly released by researcher Chaotic Eclipse (aka Nightmare-Eclipse), who described it as a race condition that can yield SYSTEM-level shells and may work irrespective of real-time protection settings.
read more →

AI-Driven Identity Security: Microsoft Entra Updates

🔒 AI is accelerating cyberattacks, increasing speed and scale across the attack chain while identity remains a primary entry point. Microsoft highlights integrated visibility and response through Microsoft Entra and Microsoft Defender, including a unified identity risk score and an updated Entra ID Protection experience. New features aim to reduce fragmentation, enable least-privilege response roles, and automate policy optimization to help teams prevent, detect, and respond faster.
read more →

Microsoft confirms Office launch issue after June updates

🛠️ Microsoft is investigating reports that certain third-party applications may be unable to launch Word, Excel, PowerPoint, Access, and other Office apps or open documents after installing Windows updates released on or after June 9, 2026. The problem affects apps that use OLE automation, sometimes causing Office apps or documents to fail to open without an error. Microsoft advises opening Office files directly or contacting Microsoft Support for Business for enterprise workarounds while a fix is developed.
read more →

Microsoft developing patch for Defender RoguePlanet zero-day

🔒 Microsoft is investigating and preparing a security update for a Microsoft Defender elevation-of-privilege vulnerability publicly dubbed RoguePlanet. The flaw, now tracked as CVE-2026-50656, was disclosed with a proof-of-concept last week and reportedly allows spawning SYSTEM-level command prompts via a Defender race condition on fully patched Windows 10 and 11 devices. Microsoft confirmed it is working on a high-quality security update and will publish details in the CVE entry when available.
read more →

Microsoft Claims Defender May Replace Other Email Tools

📧 Microsoft’s benchmarking suggests Defender for Office 365 catches most malicious and spam email pre-delivery and removes nearly all threats that reach inboxes, with integrated partners adding negligible improvement. Experts caution against interpreting raw catch rates as proof that one-vendor stacks suffice, noting that small percentages can still represent high-impact incidents and that diverse tools and detection methods remain valuable.
read more →

GhostTree attack uses NTFS junctions to hide malware

🛡️ Attackers abuse NTFS junctions to create recursive directory loops that generate effectively infinite file paths, causing recursive scans and EDR products to hang. With only write access, an attacker can create junctions that point back to parent folders, producing GhostBranch or the more expansive GhostTree structures. These loops multiply possible paths exponentially, preventing file scanners from reaching malicious files and enabling evasion. Microsoft was notified and later patched the issue.
read more →

Ransomware gang hides C2 traffic via Teams relays

🔒 Symantec warns that DragonForce ransomware used a custom Go-based backdoor, Backdoor.Turn, to hide command-and-control traffic by abusing Microsoft Teams' TURN relay infrastructure. The malware obtains anonymous Teams visitor tokens and tunnels C2 communications through legitimate TURN relays, making malicious traffic appear as normal Teams activity. The campaign, observed in December 2025, also used BYOVD drivers for kernel privileges and extensive post-exploitation tools to exfiltrate data and deploy ransomware.
read more →

Microsoft Defender email security benchmarking insights

📊 Over the past year Microsoft published quarterly, real‑world benchmarking that compares Microsoft Defender against secure email gateway (SEG) and integrated cloud email security (ICES) vendors. The reports show Defender consistently misses fewer high‑severity threats pre‑delivery, while ICES vendors mainly improve promotional and bulk filtering. Defender’s post‑delivery remediation contribution has risen substantially, underscoring its role as a critical backstop.
read more →

One-click Microsoft 365 Copilot SearchLeak flaw

🔎 Researchers at Varonis chained three bugs into a one-click exfiltration path dubbed SearchLeak that could have pulled emails, calendar entries, and indexed files from Microsoft 365 Copilot Enterprise Search. Because the malicious link used a legitimate microsoft.com domain, URL filters and anti-phishing tools were unlikely to block it. Microsoft assigned CVE-2026-42824, mitigated the issue on its backend, and Varonis released a proof-of-concept without observed exploitation.
read more →

Critical SearchLeak flaw in Microsoft 365 Copilot

🔒 Microsoft fixed a critical vulnerability chain named SearchLeak in Microsoft 365 Copilot Enterprise that could let attackers exfiltrate mailbox, OneDrive, and SharePoint data via a single crafted URL. Researchers at Varonis chained a parameter-to-prompt injection, an HTML rendering race condition, and a Bing SSRF-based CSP bypass to make Copilot fetch and leak sensitive content. The issue was addressed as CVE-2026-42824 and requires no user action now that Microsoft patched it.
read more →

Microsoft fixes WUSA update failures in June patch

🔧 Microsoft fixed a known issue causing Windows updates released since May 2025 to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. The bug affected enterprise Windows 11 24H2/25H2 and Windows Server 2025 devices when multiple .msu files were present on a network share, producing ERROR_BAD_PATHNAME. Microsoft mitigated the issue for home and non-managed business devices in September 2025 and delivered a full fix in the June 2026 cumulative updates (KB5079391, KB5094125).
read more →

Three strategic takeaways from Microsoft Build 2026

🔍 This post summarizes three business-focused takeaways from Microsoft Build 2026 for leaders evaluating AI adoption. It explains how Microsoft is shifting from standalone models to a shared enterprise intelligence layer—Microsoft IQ—that connects business data and processes across systems. The article highlights Azure’s agent platform and Foundry updates for production-grade deployment, governance, and performance, emphasizing that AI is expected to deliver measurable outcomes now.
read more →

Microsoft fixes BitLocker recovery bug in Server 2025

🔒 Microsoft has fixed a known issue that caused some Windows Server 2025 devices to boot into BitLocker recovery after the April 2026 security update. The problem affected specific enterprise configurations where BitLocker, certain TPM/PCR7 validation settings, and a 2023-signed Windows Boot Manager interaction could trigger a one-time recovery prompt. Microsoft released KB5094125 (Server 2025) and KB5093998 (Windows 11 23H2) to address the bug and offered mitigation guidance for admins unable to deploy immediately.
read more →

June Patch Tuesday: Record CVE Count and Critical Fixes

🔒 June Patch Tuesday brought an unprecedented wave of fixes: Microsoft released over 200 CVEs including three disclosed zero-days and 32 critical patches, while SAP and Adobe patched multiple high-severity enterprise flaws. Microsoft warns this increase may become the new normal as AI accelerates vulnerability discovery, urging risk-based prioritization and automated patching. Administrators should urgently assess critical kernel, Active Directory, Hyper-V, and Exchange fixes.
read more →

Microsoft patches Exchange Server XSS zero-day exploit

🛡️ Microsoft released updates to fix an actively exploited Exchange Server XSS vulnerability (CVE-2026-42897) that allows remote attackers to execute arbitrary JavaScript in Outlook Web Access without privileges. The flaw affects Exchange Server 2016, 2019, and Subscription Edition; Microsoft initially deployed a temporary mitigation via the Exchange Emergency Mitigation Service and now urges admins to install the June 2026 security updates and retain mitigations for added protection.
read more →

Microsoft warns some upgraded Windows PCs fail updates

⚠️ Microsoft alerted users that a small subset of Windows devices upgraded to Windows 11 24H2 or 25H2 may fail to install the June 2026 cumulative updates, producing errors 0x80073712 or 0x800f0993. Affected systems show these errors in Update history and logs; Microsoft says a restart will roll out a fix to unmanaged and Home devices starting May 19, 2026. For other impacted machines, Microsoft published replacement KBs and recommends removing an impacted package or performing an in-place upgrade if needed.
read more →

Microsoft patches YellowKey, GreenPlasma and MiniPlasma zero-days

🔒 Microsoft released June 2026 updates fixing three zero-day vulnerabilities disclosed by a researcher known as "Nightmare Eclipse." The flaws—GreenPlasma and MiniPlasma (local privilege escalation) and YellowKey (WinRE backdoor)—allow attackers to escalate to SYSTEM or bypass BitLocker on affected Windows systems. Microsoft provided mitigations for YellowKey and criticized the public disclosure of proof-of-concepts.
read more →