< ciso brief />

All news with #microsoft tag

720 articles · page 3 of 36

Microsoft: Exchange Server XSS flaw actively exploited

⚠️ Microsoft disclosed a new actively exploited vulnerability, CVE-2026-42897 (CVSS 8.1), a spoofing bug caused by cross-site scripting in on-premises Exchange Server. An attacker can execute arbitrary JavaScript by sending a crafted email that is opened in Outlook Web Access. Microsoft offers a temporary mitigation via the Exchange Emergency Mitigation Service (enabled by default) and provides an EOMT PowerShell script for environments that cannot use the service; Exchange Online is not affected.

Pwn2Own Berlin 2026 Day One: 24 Zero-Days Paid Out

🔒 On day one of Pwn2Own Berlin 2026 researchers earned $523,000 exploiting 24 unique zero-days, led by Orange Tsai, who collected $175,000 after chaining four logic flaws to escape the Microsoft Edge sandbox. Windows 11 was rooted three times for new privilege-escalation bugs, and Valentina Palmiotti secured payouts for Red Hat Workstations and an NVIDIA Container Toolkit flaw. The event focuses on enterprise and AI-targeted technologies.

AWS Adds GLM-5.1-FP8 and Phi-4-mini to SageMaker JumpStart

🔔 AWS has added GLM-5.1-FP8 (from Z.ai) and Phi-4-mini-instruct (from Microsoft) to Amazon SageMaker JumpStart, expanding foundation model choices for enterprise workloads. GLM-5.1-FP8 targets agentic software engineering and multi-round optimization for repository-level code, debugging, and long-horizon automation. Phi-4-mini-instruct provides compact, low-latency reasoning across 24 languages and supports function calling for edge and latency-sensitive use cases. Customers can deploy these models via SageMaker Studio or the SageMaker Python SDK in a few clicks.

Defense in Depth for Autonomous AI Agents

🛡️ Microsoft Security explains how rising agentic autonomy reorients security from models to how agents are assembled, constrained, and governed inside applications. The post identifies amplified risks—agent hijacking, intent breaking, data leakage, supply chain compromise—and shows why the application layer is decisive because builders fully control permissions, tool access, and failure handling. It recommends concrete design patterns: agents as microservices, least permissions, deterministic human-in-the-loop, and distinct agent identity to limit blast radius and preserve auditability.

Exploitable Misconfigurations in Cloud AI Deployments

🔒 Microsoft Defender research shows AI and agentic applications on cloud-native platforms are frequently deployed with insecure defaults and missing authentication, creating exploitable misconfigurations. Observed exposures include public MCP servers, unsecured Helm chart installs, and unauthenticated agent frameworks that enable remote code execution, credential theft, and access to internal tools. Defender for Cloud can detect exposed Kubernetes services and unsafe deployment patterns to help teams prioritize remediation.

Windows BitLocker Zero-Day: YellowKey and GreenPlasma

🔒 A researcher known as Chaotic Eclipse (Nightmare-Eclipse on GitHub) published proof-of-concept exploits named YellowKey and GreenPlasma that bypass BitLocker protections and enable local privilege escalation on affected Windows versions. YellowKey abuses the Windows Recovery Environment (WinRE) and NTFS transaction replay to spawn a shell and access encrypted volumes, while GreenPlasma allows arbitrary memory-section creation that can be escalated to SYSTEM. The author said the disclosures were driven by dissatisfaction with Microsoft's handling of reports. Microsoft says it investigates and supports coordinated disclosure.

Microsoft's Investments Drive PostgreSQL's Cloud Future

🔧 Microsoft outlines its sustained investment in PostgreSQL through upstream contributions, managed services, developer tools, and community programs. The post highlights 345 commits to the latest PostgreSQL release, active Microsoft committers working upstream, and service offerings such as Azure Database for PostgreSQL and Azure HorizonDB. It also emphasizes AI integrations like vector search and model invocation alongside IDE tooling and community engagement.

Microsoft fixes BitLocker recovery on Windows 11 25H2

🔧 Microsoft released a cumulative update addressing a BitLocker recovery issue that caused some systems to prompt for recovery keys after installing the April 2026 security updates. The KB5089549 patch fixes the problem on Windows 11 25H2 by correcting boot-file update behavior tied to certain TPM validation and invalid PCR7 settings. Administrators are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy before broad deployment and to confirm BitLocker bindings use the PCR7 profile.

Microsoft Fixes Windows Autopatch Bug Deploying Drivers

🔧 Microsoft has applied a service-side fix for a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some EU-managed Windows devices. The issue affected a limited set of client platforms, including Windows 11 25H2, 24H2, and 23H2. Impacted systems experienced unexpected reboots and, in some cases, system failures depending on the installed drivers. Microsoft says no client-side action is required.

Microsoft MDASH: Multi-Model AI for Vulnerability Discovery

🛡️ Microsoft introduced MDASH (multi-model agentic scanning harness), a model-agnostic AI system in limited private preview designed to discover, validate, and prove exploitable defects in large codebases. The system orchestrates more than 100 specialized agents across frontier and distilled models in a structured pipeline that builds threat models, runs auditor and debater stages, groups equivalent findings, and proves vulnerabilities. Microsoft reports MDASH uncovered 16 issues fixed in this month’s Patch Tuesday, including two critical Windows networking and authentication flaws.

Microsoft's MDASH AI Finds 16 Windows Vulnerabilities

🔍 Microsoft disclosed MDASH, an AI-driven vulnerability discovery system that found 16 previously unknown Windows flaws, including four critical remote code execution bugs that were patched as part of the May 12 Patch Tuesday release. Built by the Autonomous Code Security and Windows Attack Research teams, the platform orchestrates more than 100 specialized AI agents across multiple models to scan, validate and construct triggering inputs before human review. Microsoft said MDASH is intentionally model-agnostic and will enter private enterprise preview next month.

Microsoft: Office Install Fails on Windows 365 Devices

⚠️ Microsoft confirmed that a recent service update introduced a configuration change preventing some customers from downloading and installing Office on Windows 365 Cloud PCs. The issue, tracked as WP1309017 and first acknowledged on May 12, is being investigated and a fix is in development. Microsoft said validation and deployment of the fix will take time and expects a further update on Friday. Affected users can manually download Office from the Microsoft 365 page while remediation proceeds.

Microsoft Patches 138 Vulnerabilities Across Products

🔒 Microsoft released patches for 138 vulnerabilities across its product portfolio, including 30 Critical and 104 Important flaws, with none currently listed as publicly known or under active attack. The update spans privilege escalation, remote code execution, information disclosure, and spoofing issues, and includes a recently patched AMD CPU isolation flaw (CVE-2025-54518). Notable high-risk fixes include CVE-2026-41096 (Windows DNS heap overflow) and several Critical issues in Azure, Dynamics 365, Hyper-V, and Office. Administrators are urged to prioritize updates, rotate Secure Boot certificates before the June 26, 2026 deadline, and follow mitigation guidance such as reducing internet exposure and enforcing MFA.

Microsoft May Patch: 17 Critical Flaws Including RCE

🔒 Microsoft released its May Patch Tuesday fixing 120 CVEs, including 17 critical flaws. The update addresses 14 RCEs, two elevation of privilege bugs and one information disclosure issue, with the majority of fixes covering EoP and RCE types. Microsoft credited its WARP team and an agentic AI system, MDASH, with discovering 16 of the issues. Administrators are urged to prioritize high-risk fixes such as CVE-2026-41089.

May Patch Tuesday: Critical Windows, DNS, and Dynamics Fixes

🔒 Microsoft’s May Patch Tuesday addresses 118 vulnerabilities, including critical Windows Server flaws in Netlogon (CVE-2026-41089) and the DNS Client (CVE-2026-41096), plus a severe RCE in Microsoft Dynamics 365 On-Premises. Cloud services such as Azure and Microsoft Teams have already been updated, but on-prem and endpoint administrators must prioritize OS and application patches. Analysts recommend additional protections like network segmentation, access restrictions, and monitoring. Also note a mandatory Secure Boot certificate rotation before June 26 and multiple high‑risk SAP and Oracle updates.

AI-Assisted Synthetic Attack Logs to Accelerate Detection

🔒 Microsoft researchers describe an AI-driven pipeline that translates attacker TTPs into realistic, structured security logs to accelerate detection engineering. The approach uses prompt engineering, collaborative agentic refinement, and data augmentation to generate semantically accurate telemetry (command lines, process ancestry, fields) without exposing sensitive customer data. Evaluation across multiple datasets shows agentic workflows and reasoning models notably improve recall and fidelity compared to prompt-only methods.

Microsoft's MDASH: Multi-Model Agentic Security System for Windows

🔒 Microsoft announced MDASH, a multi-model agentic scanning harness that orchestrates over 100 specialized AI agents to discover, validate, and prove exploitable bugs in Windows. In internal tests it found 21 of 21 seeded driver vulnerabilities with zero false positives and achieved an industry-leading 88.45% score on the CyberGym benchmark. The harness produced 16 CVEs in today’s Patch Tuesday across networking and authentication stacks, including four Critical remote code execution flaws, and is in limited private preview with select customers.

Microsoft Patch Tuesday May 2026: 137 Vulnerabilities

🔒 Microsoft released its May 2026 Patch Tuesday update addressing 137 vulnerabilities, of which 31 are rated critical. Microsoft reports no observed active exploitation in the wild, though several critical RCE and local code-execution flaws affect Windows services, Office, Azure, SharePoint, and mobile Office. Talos has published new Snort 2 and Snort 3 rule sets to detect many exploitation attempts and recommends immediate patching and signature updates.

Microsoft Issues Windows 10 KB5087544 Security Update

🛡️ Microsoft released the KB5087544 extended security update for Windows 10 to address the May 2026 Patch Tuesday fixes and correct rendering issues with the new Remote Desktop warnings. Enterprise LTSC and systems enrolled in the ESU program can obtain the update by going to Settings → Windows Update and checking for updates. After installation, Windows 10 moves to build 19045.7291 and LTSC 2021 to 19044.7291. The update also includes 120 security fixes, Secure Boot improvements, a DST update for Egypt, and a known BitLocker prompt issue with a recommended temporary workaround.

Windows 11 May 2026 Cumulative Updates KB5089549/KB5087420

🔒 Microsoft released Windows 11 cumulative updates KB5089549 (25H2/24H2) and KB5087420 (23H2) as the May 2026 Patch Tuesday rollout. The mandatory updates address 120 security vulnerabilities, deliver bug fixes, and introduce features such as desktop Xbox mode, expanded File Explorer archive support, haptic input signals, and Drop Tray. They also improve Windows Hello, taskbar reliability, and printing, and add an optional registry control to harden batch-file processing. Install via Settings > Windows Update or the Microsoft Update Catalog.