All news with #microsoft tag

720 articles · page 4 of 36

Microsoft May 2026 Patch Tuesday: 120 Vulnerabilities Fixed

🔔 Today's May 2026 Patch Tuesday from Microsoft delivers security updates addressing 120 distinct vulnerabilities, including 17 rated Critical. The release corrects multiple remote code execution, elevation-of-privilege, information disclosure, denial-of-service, spoofing, and security feature bypass flaws across Windows, Office, SharePoint, and developer tools. Notable patches close dangerous RCE vectors in Microsoft Office (Word, Excel, PowerPoint) that can be exploited via malicious attachments or the preview pane, and key fixes include Windows GDI EMF parsing, SharePoint server RCE, and a Windows DNS Client RCE. Administrators are strongly advised to prioritize and deploy updates promptly to reduce exposure.

Microsoft and SAP Advance Enterprise AI on Azure, Sapphire

🚀 At SAP Sapphire 2026, Microsoft and SAP announced expanded integrations to embed AI across SAP applications on Azure, emphasizing Microsoft IQ as a shared intelligence layer and agent-to-agent capabilities between Copilot and Joule. The updates include bi-directional, zero-copy delta sharing with SAP Business Data Cloud and Microsoft Fabric, sovereign cloud expansions, and an enlarged RISE with SAP acceleration program. These developments aim to move enterprises from experimentation to production-ready, governed AI at scale.

Stealthy Intrusion via Trusted Third-Party Compromise

🔍 Microsoft Incident Response details a stealthy intrusion in which a compromised third‑party IT services provider abused trusted operational tooling to gain durable access. The actor executed VBScripts and web shells via HPE Operations Agent and HPOM, enabling credential theft, lateral movement, and persistent footholds while blending into normal administration. Malicious modules (mslogon.dll, passms.dll, msupdate.dll) captured and staged credentials for exfiltration over SMB and SMTP. The report outlines timeline, analysis, and Microsoft Defender detection and mitigation guidance.

Platform Modernization and AI on Azure Red Hat OpenShift

🔷 At Red Hat Summit 2026, Microsoft and Red Hat highlighted how Azure Red Hat OpenShift supports modernization and production AI by delivering consistent governance, security, and scale. Microsoft was named Platform Modernization Partner of the Year, underscoring joint customer outcomes. Banco Bradesco and Topicus illustrate production AI and regulated lending workloads running on the jointly managed platform. Key advances include OpenShift Virtualization, confidential containers, managed identities, expanded NVIDIA GPU support, and broader regional availability.

AI-Native Apps and Data Trends from Cosmos Conf 2026

📌 At Cosmos Conf 2026 Microsoft outlined how AI is transforming application and database design, arguing data platforms must become systems of reasoning that handle prompts, memory, and evolving context. Leaders from OpenAI, Vercel, and Walmart stressed the need for serverless instant scalability, integrated caching, low-latency global distribution, and developer cost visibility. Demos and customer stories highlighted patterns like vector search, change feed, and role-based governance to deliver real-world, low-latency AI experiences.

Dirty Frag Linux Exploit Enables Reliable Root Escalation

🔒 Microsoft warns of a new local Linux privilege escalation called Dirty Frag that abuses fragmented page-cache handling to gain root. The chain uses two kernel flaws — CVE-2026-43284 (ESP) and CVE-2026-43500 (RxRPC) — and is already observed in post-compromise attacks. Administrators are urged to disable esp4, esp6, and rxrpc modules, limit local shell access, and monitor for abnormal privilege escalation while vendors roll out patches.

World Passkey Day: Microsoft Pushes Passwordless Future

🔐 Microsoft marks World Passkey Day by outlining steps to accelerate passkey adoption and reduce reliance on passwords and phishable methods. The company highlights work with the FIDO Alliance, expanded Microsoft Entra passkey support, Windows Hello device‑bound keys, and syncing through Microsoft Password Manager. It also strengthens account recovery with verified ID and biometric checks and plans to remove security questions in Entra ID by January 2027. Organizations are urged to enable passkeys and apply policies across sign‑in and recovery.

US Agency to Safety-Test Frontier AI Models Pre-Release

🔒 The Center for AI Standards and Innovation (CAISI), part of the Department of Commerce’s NIST, has secured agreements with Google DeepMind, Microsoft, and xAI to conduct pre-deployment evaluations and targeted research on frontier AI models. These accords expand an existing program that already includes Anthropic and OpenAI and are intended to provide vendors with safety feedback before public release. Microsoft described the partnerships as essential to building trust in advanced systems, while CAISI emphasized continuous evaluation to advance AI security and standards.

Microsoft Named Leader in KuppingerCole 2026 AI SOC Report

🔒 Microsoft was named an Overall Leader and Market Leader in KuppingerCole Analysts’ 2026 Emerging AI Security Operations Center (SOC) report. The research highlights a shift from static playbooks to intelligence‑driven automation that augments analyst decision‑making and scales operations. Microsoft cites capabilities such as Microsoft Sentinel enhancements, automatic attack disruption, a phishing triage agent, AI‑powered incident prioritization, and integration with Microsoft Security Copilot to accelerate response and reduce analyst burden.

Edge Password Manager Keeps Credentials in Plaintext

🔒 A Norwegian researcher discovered that Microsoft Edge decrypts saved passwords at startup and keeps them resident in process memory, leaving credentials retrievable in plain text on shared or compromised machines. German publication Heise reproduced the finding, locating passwords even after a browser restart. Microsoft reportedly treats the behavior as 'by design,' prompting calls for using alternative password managers.

Microsoft: Phishing Campaign Uses Fake Compliance Notices

📩 Microsoft Defender Research disclosed a large-scale credential-theft campaign that targeted over 35,000 users at roughly 13,000 organizations using polished fake internal compliance notifications. Running April 15–16, 2026, the messages used enterprise-style HTML templates, organization-specific names and attached PDFs that redirected recipients through a Cloudflare CAPTCHA to staged authentication pages. Attackers employed an adversary-in-the-middle (AiTM) flow to harvest tokens and compromise accounts, primarily impacting US firms but seen in 26 countries. Microsoft recommends enabling passwordless authentication, using authenticator apps for MFA, turning on Safe Links and Safe Attachments, and configuring attack disruption in Microsoft Defender XDR.

CloudZ RAT Abuses Microsoft Phone Link to Steal OTPs

🔐 A new CloudZ remote access tool (RAT) variant deploys a previously unseen plugin named Pheno that hijacks Microsoft Phone Link on Windows 10 and 11 to extract SMS messages and one‑time passwords from the application’s local SQLite database. Cisco Talos says the intrusion has been active since at least January and can intercept OTPs mirrored to the desktop without compromising the mobile device. The infection chain begins with a fake ScreenConnect update that drops a Rust loader and a .NET loader which installs CloudZ, establishes persistence via a scheduled task, and performs anti-analysis checks.

CloudZ RAT and Pheno Plugin Abuse Microsoft Phone Link

🔍 Cisco Talos disclosed a campaign, active since January 2026, in which an unknown actor deployed a modular .NET RAT called CloudZ and a novel plugin, Pheno. Pheno targets the Windows Phone Link feature to detect an active PC-to-phone bridge and stage Phone Link SQLite files, enabling potential interception of mirrored SMS and OTPs without compromising the phone. CloudZ executes core functions dynamically in memory, performs anti-debug and sandbox checks, and supports plugin-based credential exfiltration.

Amazon Quick Extension Brings Generative AI to Outlook

📧 The Amazon Quick extension for Microsoft Outlook is now available in preview, embedding generative AI directly into email and calendar workflows. Using natural-language prompts, users can summarize unread messages, prioritize and organize mail, find specific discussions, schedule meetings, and draft contextual replies without leaving Outlook. The extension pulls relevant content from Amazon Quick spaces and knowledge bases and can trigger actions in external apps via configured integrations. Preview is available in several AWS regions; sign-up and documentation are provided on the Quick site.

Microsoft: April updates block vulnerable psmounterex.sys

🔒 Microsoft confirms the April 2026 security updates are blocking the kernel driver psmounterex.sys, causing mounting failures and VSS snapshot timeouts in third-party backup applications such as Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server and NinjaOne Backup on Windows 10, Windows 11 and Windows Server. The update adds the driver to the Vulnerable Driver Blocklist to mitigate CVE-2023-43896. Microsoft advises installing updated application versions that include drivers with required protections and checking the Code Integrity log for Event ID 3077 rather than uninstalling or pausing the security updates.

Microsoft Defender False-Positives Flag DigiCert Roots

🛡️ Microsoft Defender began flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha after a signature update on April 30, producing widespread false positives and, in some cases, removing certificates from Windows trust stores. Microsoft issued Security Intelligence updates 1.449.430.0 and 1.449.431.0 to resolve the detections and reportedly restore removed certificates. Administrators can force an update via Windows Security > Virus and threat protection > Protection updates.

Microsoft tests modern Run dialog with faster performance

🖥️ Microsoft is testing a modernized Windows 11 Run dialog in preview Build 26300.8346 that adopts Fluent Design, enables dark mode, and shows icons in suggestion lists while preserving a minimalist interface. Microsoft reports a median time-to-show of 94 ms versus roughly 103 ms for the legacy dialog and expects further platform improvements. The rarely used Browse button was removed based on telemetry. The feature is optional and can be enabled via Settings > Advanced Settings while Microsoft collects feedback.

Windows Shell Spoofing Vulnerability Forces Rapid Patching

⚠️ Microsoft and CISA have warned that a Windows shell spoofing vulnerability (CVE-2026-32202) is being actively exploited and has prompted a CISA directive requiring federal agencies to patch by May 12. Microsoft says exploitation can expose sensitive data though it does not allow full system takeover. Security experts caution the situation was aggravated by an incomplete earlier fix for CVE-2026-21510, creating a patch gap between vendor updates and organizational deployment. CISOs face a difficult balance between rapid remediation and careful testing to avoid service disruption, and are urged to apply interim mitigations where possible.

Microsoft Agent 365 Now GA: Expanded Agent Controls

🔒 Microsoft announces Agent 365 is generally available, offering a unified control plane to observe, govern, and secure AI agents across endpoints, cloud, and SaaS. The release adds discovery of local and cloud agents (including OpenClaw, GitHub Copilot CLI, and Claude Code) and integrates with Intune and Defender for inventory, policy controls, runtime blocking, and alerting. Agent 365 also introduces Windows 365 for Agents, partner integrations, and licensing via Microsoft 365 E7 or standalone at USD 15 per user per month.

Microsoft fixes Remote Desktop warning display bug

🔧 Microsoft has issued a fix for a known issue that caused newly introduced Windows security warnings to render incorrectly when opening Remote Desktop (.rdp) files on multi-monitor systems with differing display scaling. The bug affected all supported Windows versions after the April 2026 cumulative updates and was addressed in the optional Windows 11 preview update KB5083631. The misrendering could hide or misalign dialog buttons and text, preventing users from interacting with the RDP security prompt designed to block risky resource redirections.