< ciso
brief />
Tag Banner

All news with #microsoft tag

835 articles · page 9 of 42

Windows BitLocker Zero-Day: YellowKey and GreenPlasma

🔒 A researcher known as Chaotic Eclipse (Nightmare-Eclipse on GitHub) published proof-of-concept exploits named YellowKey and GreenPlasma that bypass BitLocker protections and enable local privilege escalation on affected Windows versions. YellowKey abuses the Windows Recovery Environment (WinRE) and NTFS transaction replay to spawn a shell and access encrypted volumes, while GreenPlasma allows arbitrary memory-section creation that can be escalated to SYSTEM. The author said the disclosures were driven by dissatisfaction with Microsoft's handling of reports. Microsoft says it investigates and supports coordinated disclosure.
read more →

Microsoft's Investments Drive PostgreSQL's Cloud Future

🔧Microsoft outlines its sustained investment in PostgreSQL through upstream contributions, managed services, developer tools, and community programs. The post highlights 345 commits to the latest PostgreSQL release, active Microsoft committers working upstream, and service offerings such as Azure Database for PostgreSQL and Azure HorizonDB. It also emphasizes AI integrations like vector search and model invocation alongside IDE tooling and community engagement.
read more →

Microsoft fixes BitLocker recovery on Windows 11 25H2

🔧 Microsoft released a cumulative update addressing a BitLocker recovery issue that caused some systems to prompt for recovery keys after installing the April 2026 security updates. The KB5089549 patch fixes the problem on Windows 11 25H2 by correcting boot-file update behavior tied to certain TPM validation and invalid PCR7 settings. Administrators are advised to remove the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy before broad deployment and to confirm BitLocker bindings use the PCR7 profile.
read more →

Microsoft Fixes Windows Autopatch Bug Deploying Drivers

🔧 Microsoft has applied a service-side fix for a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some EU-managed Windows devices. The issue affected a limited set of client platforms, including Windows 11 25H2, 24H2, and 23H2. Impacted systems experienced unexpected reboots and, in some cases, system failures depending on the installed drivers. Microsoft says no client-side action is required.
read more →

Microsoft MDASH: Multi-Model AI for Vulnerability Discovery

🛡️ Microsoft introduced MDASH (multi-model agentic scanning harness), a model-agnostic AI system in limited private preview designed to discover, validate, and prove exploitable defects in large codebases. The system orchestrates more than 100 specialized agents across frontier and distilled models in a structured pipeline that builds threat models, runs auditor and debater stages, groups equivalent findings, and proves vulnerabilities. Microsoft reports MDASH uncovered 16 issues fixed in this month’s Patch Tuesday, including two critical Windows networking and authentication flaws.
read more →

Microsoft's MDASH AI Finds 16 Windows Vulnerabilities

🔍 Microsoft disclosed MDASH, an AI-driven vulnerability discovery system that found 16 previously unknown Windows flaws, including four critical remote code execution bugs that were patched as part of the May 12 Patch Tuesday release. Built by the Autonomous Code Security and Windows Attack Research teams, the platform orchestrates more than 100 specialized AI agents across multiple models to scan, validate and construct triggering inputs before human review. Microsoft said MDASH is intentionally model-agnostic and will enter private enterprise preview next month.
read more →

Microsoft: Office Install Fails on Windows 365 Devices

⚠️ Microsoft confirmed that a recent service update introduced a configuration change preventing some customers from downloading and installing Office on Windows 365 Cloud PCs. The issue, tracked as WP1309017 and first acknowledged on May 12, is being investigated and a fix is in development. Microsoft said validation and deployment of the fix will take time and expects a further update on Friday. Affected users can manually download Office from the Microsoft 365 page while remediation proceeds.
read more →

Microsoft Patches 138 Vulnerabilities Across Products

🔒 Microsoft released patches for 138 vulnerabilities across its product portfolio, including 30 Critical and 104 Important flaws, with none currently listed as publicly known or under active attack. The update spans privilege escalation, remote code execution, information disclosure, and spoofing issues, and includes a recently patched AMD CPU isolation flaw (CVE-2025-54518). Notable high-risk fixes include CVE-2026-41096 (Windows DNS heap overflow) and several Critical issues in Azure, Dynamics 365, Hyper-V, and Office. Administrators are urged to prioritize updates, rotate Secure Boot certificates before the June 26, 2026 deadline, and follow mitigation guidance such as reducing internet exposure and enforcing MFA.
read more →

Microsoft May Patch: 17 Critical Flaws Including RCE

🔒 Microsoft released its May Patch Tuesday fixing 120 CVEs, including 17 critical flaws. The update addresses 14 RCEs, two elevation of privilege bugs and one information disclosure issue, with the majority of fixes covering EoP and RCE types. Microsoft credited its WARP team and an agentic AI system, MDASH, with discovering 16 of the issues. Administrators are urged to prioritize high-risk fixes such as CVE-2026-41089.
read more →

May Patch Tuesday: Critical Windows, DNS, and Dynamics Fixes

🔒 Microsoft’s May Patch Tuesday addresses 118 vulnerabilities, including critical Windows Server flaws in Netlogon (CVE-2026-41089) and the DNS Client (CVE-2026-41096), plus a severe RCE in Microsoft Dynamics 365 On-Premises. Cloud services such as Azure and Microsoft Teams have already been updated, but on-prem and endpoint administrators must prioritize OS and application patches. Analysts recommend additional protections like network segmentation, access restrictions, and monitoring. Also note a mandatory Secure Boot certificate rotation before June 26 and multiple high‑risk SAP and Oracle updates.
read more →

AI-Assisted Synthetic Attack Logs to Accelerate Detection

🔒 Microsoft researchers describe an AI-driven pipeline that translates attacker TTPs into realistic, structured security logs to accelerate detection engineering. The approach uses prompt engineering, collaborative agentic refinement, and data augmentation to generate semantically accurate telemetry (command lines, process ancestry, fields) without exposing sensitive customer data. Evaluation across multiple datasets shows agentic workflows and reasoning models notably improve recall and fidelity compared to prompt-only methods.
read more →

Microsoft's MDASH: Multi-Model Agentic Security System for Windows

🔒 Microsoft announced MDASH, a multi-model agentic scanning harness that orchestrates over 100 specialized AI agents to discover, validate, and prove exploitable bugs in Windows. In internal tests it found 21 of 21 seeded driver vulnerabilities with zero false positives and achieved an industry-leading 88.45% score on the CyberGym benchmark. The harness produced 16 CVEs in today’s Patch Tuesday across networking and authentication stacks, including four Critical remote code execution flaws, and is in limited private preview with select customers.
read more →

Microsoft Patch Tuesday May 2026: 137 Vulnerabilities

🔒 Microsoft released its May 2026 Patch Tuesday update addressing 137 vulnerabilities, of which 31 are rated critical. Microsoft reports no observed active exploitation in the wild, though several critical RCE and local code-execution flaws affect Windows services, Office, Azure, SharePoint, and mobile Office. Talos has published new Snort 2 and Snort 3 rule sets to detect many exploitation attempts and recommends immediate patching and signature updates.
read more →

Microsoft Issues Windows 10 KB5087544 Security Update

🛡️Microsoft released the KB5087544 extended security update for Windows 10 to address the May 2026 Patch Tuesday fixes and correct rendering issues with the new Remote Desktop warnings. Enterprise LTSC and systems enrolled in the ESU program can obtain the update via Settings → Windows Update and checking for updates. After installation Windows 10 moves to build 19045.7291 and LTSC 2021 to 19044.7291. The update also includes 120 security fixes, Secure Boot improvements, a DST update for Egypt, and a known BitLocker prompt issue with a recommended temporary workaround.
read more →

Windows 11 May 2026 Cumulative Updates KB5089549/KB5087420

🔒 Microsoft released Windows 11 cumulative updates KB5089549 (25H2/24H2) and KB5087420 (23H2) as the May 2026 Patch Tuesday rollout. The mandatory updates address 120 security vulnerabilities, deliver bug fixes, and introduce features such as desktop Xbox mode, expanded File Explorer archive support, haptic input signals, and Drop Tray. They also improve Windows Hello, taskbar reliability, printing, and add an optional registry control to harden batch-file processing. Install via Settings > Windows Update or the Microsoft Update Catalog.
read more →

Microsoft May 2026 Patch Tuesday: 120 Vulnerabilities Fixed

🔔 Today's May 2026 Patch Tuesday from Microsoft delivers security updates addressing 120 distinct vulnerabilities, including 17 rated Critical. The release corrects multiple remote code execution, elevation-of-privilege, information disclosure, denial-of-service, spoofing, and security feature bypass flaws across Windows, Office, SharePoint, and developer tools. Notable patches close dangerous RCE vectors in Microsoft Office (Word, Excel, PowerPoint) that can be exploited via malicious attachments or the preview pane, and key fixes include Windows GDI EMF parsing, SharePoint server RCE, and a Windows DNS Client RCE. Administrators are strongly advised to prioritize and deploy updates promptly to reduce exposure.
read more →

Microsoft and SAP Advance Enterprise AI on Azure, Sapphire

🚀 At SAP Sapphire 2026, Microsoft and SAP announced expanded integrations to embed AI across SAP applications on Azure, emphasizing Microsoft IQ as a shared intelligence layer and agent-to-agent capabilities between Copilot and Joule. The updates include bi-directional, zero-copy delta sharing with SAP Business Data Cloud and Microsoft Fabric, sovereign cloud expansions, and an enlarged RISE with SAP acceleration program. These developments aim to move enterprises from experimentation to production-ready, governed AI at scale.
read more →

Stealthy Intrusion via Trusted Third-Party Compromise

🔍 Microsoft Incident Response details a stealthy intrusion in which a compromised third‑party IT services provider abused trusted operational tooling to gain durable access. The actor executed VBScripts and web shells via HPE Operations Agent and HPOM, enabling credential theft, lateral movement, and persistent footholds while blending into normal administration. Malicious modules (mslogon.dll, passms.dll, msupdate.dll) captured and staged credentials for exfiltration over SMB and SMTP. The report outlines timeline, analysis, and Microsoft Defender detection and mitigation guidance.
read more →

Platform Modernization and AI on Azure Red Hat OpenShift

🔷 At Red Hat Summit 2026, Microsoft and Red Hat highlighted how Azure Red Hat OpenShift supports modernization and production AI by delivering consistent governance, security, and scale. Microsoft was named Platform Modernization Partner of the Year, underscoring joint customer outcomes. Banco Bradesco and Topicus illustrate production AI and regulated lending workloads running on the jointly managed platform. Key advances include OpenShift Virtualization, confidential containers, managed identities, expanded NVIDIA GPU support, and broader regional availability.
read more →

AI-Native Apps and Data Trends from Cosmos Conf 2026

📌 At Cosmos Conf 2026 Microsoft outlined how AI is transforming application and database design, arguing data platforms must become systems of reasoning that handle prompts, memory, and evolving context. Leaders from OpenAI, Vercel, and Walmart stressed the need for serverless instant scalability, integrated caching, low-latency global distribution, and developer cost visibility. Demos and customer stories highlighted patterns like vector search, change feed, and role-based governance to deliver real-world, low-latency AI experiences.
read more →