Category: Windows

  • Microsoft Releases KB5089573 for Windows 11 to Fix Patch Tuesday Install Issues

    Microsoft has rolled out a new cumulative update, KB5089573, for Windows 11 versions 25H2 and 24H2, targeting a critical installation failure that affected users following the May 2026 Patch Tuesday release. The update brings OS builds to 26200.8524 and 26100.8524, respectively, resolving a…

  • Microsoft Releases Mitigation for Windows BitLocker Security Bypass 0-Day Vulnerability

    Microsoft has disclosed a critical zero-day vulnerability in Windows BitLocker, tracked as CVE-2026-45585, that allows threat actors with physical access to bypass full-disk encryption entirely, potentially exposing sensitive data within minutes. The flaw was publicly disclosed on May 19, 2026, and while no active exploitation…

  • Zero-Day Exploit Against Windows BitLocker

    It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone…

  • Microsoft Confirms Windows 11 Update Fails With Error 0x800f0922

    Microsoft has officially acknowledged a critical installation failure affecting its May 2026 Patch Tuesday cumulative update for Windows 11, KB5089549, leaving users stranded with error code 0x800f0922 and, in some cases, additional errors 0x80240069 and 0x80240031. The known issue was formally added to the update’s change…

  • New Windows ‘MiniPlasma’ Zero-Day Let Attackers Gain SYSTEM Access – PoC Released

    A critical Windows privilege escalation zero-day vulnerability dubbed “MiniPlasma” has emerged with a public proof-of-concept exploit that allows attackers to achieve SYSTEM-level privileges on fully patched Windows systems. Security researcher Nightmare-Eclipse released the weaponized exploit on GitHub on May 13, 2026, claiming that…

  • Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2

    Pwn2Own Berlin 2026 is rapidly escalating into one of the most intense offensive security contests in recent years, with Day Two delivering a fresh wave of critical zero-day exploits targeting enterprise software, AI tools, and operating systems. Security researchers demonstrated real-world attack scenarios…

  • JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers

    A widely used download manager trusted by millions has briefly turned into a malware delivery platform after attackers compromised the official JDownloader website, replacing legitimate installers with malicious versions targeting both Windows and Linux users. The incident, confirmed by developers and security researchers, occurred between…

  • Windows DNS Client Vulnerability Enables Remote Code Execution Attacks

    A newly disclosed vulnerability in the Microsoft Windows DNS Client could let attackers silently execute malicious code across enterprise networks, exposing a massive attack surface. Officially designated as CVE-2026-41096, this critical security flaw carries a severe CVSS score of 9.8 out of 10. By simply returning…

  • Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications

    Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level 3 advisory from security patch analyst Susan Bradley at AskWoody. The problematic update, KB5083769, applies to Windows 11 versions 24H2…

  • Windows Remote Desktop Leaves Behind Image Fragments Attackers Can Stitch Into Screenshots

    Whenever someone uses Windows Remote Desktop, the operating system quietly saves visual fragments of the active session. As recently highlighted by SCYTHE Labs, attackers can easily extract these breadcrumbs and rebuild them into readable screenshots. This process requires no special privileges, takes just…

  • Microsoft Confirms Windows Servers Enter Reboot Loops Following April Patches

    Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers following the deployment of the April 2026 Patch Tuesday cumulative update, KB5082063, where affected servers are entering repeated reboot loops after installation. Released on April 14, 2026, the cumulative update KB5082063 (OS…

  • One-Click RCE in Azure Windows Admin Center Allows Attacker to Execute Arbitrary Commands

    Windows Admin Center is a locally deployed, browser-based management tool used by IT administrators to manage Windows servers, clients, and clusters from a centralized graphical interface. This newly discovered critical flaw, identified by Cymulate Research Labs, allows attackers to achieve unauthenticated, one-click…

  • Windows BitLocker Vulnerability Allows Attacker to Bypass Security Feature

    Microsoft officially released security updates to address a significant vulnerability in Windows BitLocker. Tracked as CVE-2026-27913, this security feature bypass vulnerability was discovered by security researcher Alon Leviev in collaboration with the Microsoft STORM team. The flaw poses a substantial risk to enterprise device security architectures…

  • Microsoft Confirms Recent Windows 11 Updates Break Push Button Reset

    Microsoft has officially acknowledged that recent security updates for Windows 11 are causing the “Reset this PC” (Push-button reset) recovery feature to fail. The issue was confirmed in the release notes for the March 2026 hotpatch updates, affecting systems running the latest operating system version…

  • Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images

    Microsoft has officially rolled out its latest security intelligence update for Microsoft Defender Antivirus, delivering crucial protections for Windows 11, Windows 10, and Windows Server installation images. This vital release ensures that Microsoft’s built-in antimalware solutions are fully equipped to identify and neutralize…

  • Microsoft Forcing Upgrades to Unmanaged Windows 11, Version 24H2

    Microsoft has officially begun force-upgrading unmanaged Windows 11 version 24H2 devices to version 25H2, marking the final phase of a staged rollout that relies on machine learning to determine device readiness. The move, confirmed in an updated Windows Release Health Dashboard entry, affects all Home and…

  • Windows 11 and Server 2025 Update to Block Untrusted Cross-Signed Kernel Drivers by Default

    Microsoft is taking a major step to harden the Windows operating system against kernel-level threats by removing trust for drivers signed by the deprecated cross-signed root program. Starting with the April 2026 update, Windows 11 and Windows Server 2025 will block…

  • New Windows Error Reporting Vulnerability Lets Attackers Escalate to Gain SYSTEM Access

    A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structurally dangerous that Microsoft completely removed the vulnerable feature rather than attempting a…

  • Microsoft Emergency Out-of-Band Update for Windows 11 to Fix Microsoft Account Sign-In Failure

    Microsoft has issued an out-of-band (OOB) update for Windows 11 versions 25H2 and 24H2, identified as KB5085516, addressing a critical sign-in bug introduced by the March 2026 Patch Tuesday release. The update carries OS builds 26200.8039 and 26100.8039 and was made available…

  • Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins

    Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update released on March 10, 2026,…

  • ‘RegPwn’ Windows Registry Vulnerability Enables Full System Access to Attackers

    A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was addressed in a recent Microsoft…

  • Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity

    A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed. System administrators across Reddit’s r/sysadmin community are raising alarms as the issue, originally observed during Windows 10-to-11 migrations, has…

  • Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

    Cybercriminals are increasingly abusing a legacy feature within Windows File Explorer to distribute malware, bypassing traditional web browser security and endpoint detection controls. According to a threat report by Kahng An of the Cofense Intelligence Team, threat actors are leveraging Web-based Distributed Authoring and…

  • PoC Released for Windows Vulnerability That Allows Attackers to Cause Unrecoverable BSOD Crashes

    A proof-of-concept (PoC) exploit has been publicly released for CVE-2026-2636, a newly documented vulnerability in Windows’ Common Log File System (CLFS) driver that allows any low-privileged user to instantly crash a target system into an unrecoverable Blue Screen of Death (BSoD). The…

  • Microsoft Released Updates for Windows 11, Version 25H2 and 24H2 Systems

    An optional non-security update, KB5077241, has been released for Windows 11 versions 25H2 and 24H2, improving overall functionality, performance, and reliability without addressing security vulnerabilities. The release, which brings the OS builds to 26200.7922 and 26100.7922, includes enhancements to user interface elements and updates…

  • Critical Windows Admin Center Vulnerability Allows Privilege Escalation

    A critical security update addresses a high-severity elevation of privilege vulnerability in Windows Admin Center (WAC), identified as CVE-2026-26119. The flaw, rated CVSS 8.8 (Critical), stems from improper authentication (CWE-287) that could allow an authorized attacker to gain elevated network privileges. According to Microsoft, this vulnerability affects Windows Admin Center version 2.6.4, and…

  • Windows 11 KB5077181 Security Update Causing Some Devices to Restart in an Infinite Loop

    Microsoft’s February 10, 2026, security update KB5077181 for Windows 11 versions 24H2 (build 26200.7840) and 25H2 (build 26100.7840) has triggered widespread reports of critical boot failures just days after deployment. Users describe devices entering infinite restart loops, often exceeding 15 cycles,…

  • Windows Shell Security Feature 0-Day Vulnerability Let Attackers Bypass Authentication

    Microsoft released Microsoft Patch Tuesday updates to address a critical zero-day vulnerability in Windows Shell that is currently being actively exploited in the wild. Tracked as CVE-2026-21510, this security flaw allows remote attackers to bypass essential protection mechanisms, putting millions of Windows users at risk. The…

  • Microsoft is Giving the FBI BitLocker Keys

    Microsoft gives the FBI the ability to decrypt BitLocker in response to court orders: about twenty times per year. It’s possible for users to store those keys on a device they own, but Microsoft also recommends BitLocker users store their keys on its servers for convenience. While that…

  • Windows 11 New Security Feature Denies Unauthorized Access to System Files

    Microsoft has introduced a significant security control in the latest Windows 11 preview update designed to restrict unauthorized interaction with critical system files. Released as part of the January 2026 non-security preview (KB5074105), this enhancement specifically targets the Storage settings menu, a sensitive area…

  • Microsoft Releases Out-of-Band Update KB5078127 to Fix Windows 11 File System and Outlook Freezes

    Microsoft has released an out-of-band (OOB) cumulative update, KB5078127, to address critical file system compatibility issues affecting Windows 11 users. The update resolves widespread problems introduced by the January 13, 2026, security update (KB5074109) that caused application freezes and cloud storage failures across multiple…

  • Microsoft Launches Open-Source WinApp CLI to Streamline Windows App Development

    Microsoft has unveiled the public preview of WinApp CLI (winapp), a new open-source command-line tool designed to simplify Windows app development for developers using diverse frameworks outside Visual Studio or MSBuild. Hosted on GitHub, the tool targets web devs with Electron, C++ experts on CMake,…

  • Windows SMB Client Vulnerability Enables Attacker to Own Active Directory

    A critical vulnerability in Windows SMB client authentication enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerability, the flaw allows authorized attackers to escalate privileges via carefully orchestrated authentication relay attacks over network connections. Seven…

  • New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released

    A critical flaw in Windows Kerberos authentication significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into requesting tickets…

  • Windows 11 PCs Fail to Shut Down After January Security Update

    Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2. It was first reported…

  • Microsoft Is Finally Killing RC4

    After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. One of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the much more secure AES encryption standard. But by default, Windows servers have continued…

  • Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution

    A critical security issue involving the Windows Remote Access Connection Manager (RasMan) allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates, 0patch security analysts discovered a complex exploit chain that…

  • CISA Warns of Windows Cloud Files Mini Filter 0-Day Vulnerability Exploited in Attacks

    CISA has issued a critical alert regarding an active zero-day vulnerability affecting the Microsoft Windows Cloud Files Mini Filter Driver. The vulnerability poses a significant risk to organizations running affected Windows systems and requires immediate remediation efforts. CISA reports that the vulnerability, tracked as CVE-2025-62221,…

  • Rust-Based Luca Stealer Spreads Across Linux and Windows Systems

    Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape…

  • New Phantom Stealer Campaign Hits Windows Machines Through ISO Mounting

    Researchers have uncovered a sophisticated phishing campaign originating in Russia that deploys the Phantom information-stealing malware via malicious ISO files. The attack, dubbed “Operation MoneyMount-ISO,” explicitly targets finance and accounting departments, using fake payment confirmation emails to trick victims into executing the payload. The campaign…

  • Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

    Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems. CVE-2025-62472 stems from the use of uninitialized…

  • Windows Defender Firewall Service Vulnerability Let Attackers Disclose Sensitive Data

    A critical information disclosure vulnerability in the Windows Defender Firewall Service could allow authorized attackers to access sensitive heap memory on affected systems. The vulnerability, tracked as CVE-2025-62468, was assigned an Important severity rating and released on December 9, 2025. The flaw stems from an…

  • Windows PowerShell 0-Day Vulnerability Let Attackers Execute Malicious Code

    A security update addresses a dangerous Windows PowerShell vulnerability that allows attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-54100, was publicly disclosed on December 9, 2025, and represents a significant security risk for organizations worldwide. The flaw stems from improper neutralization of…

  • Windows Cloud Files Mini Filter Driver 0-Day Vulnerability Exploited in the Wild

    Microsoft has released urgent security updates to address a zero-day vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) that is currently being exploited in the wild. Assigned the identifier CVE-2025-62221, this elevation of privilege flaw affects a wide range of Windows…

  • Vim for Windows Vulnerability Let Attackers Execute Arbitrary Code

    A critical security vulnerability has been discovered in Vim for Windows that could allow attackers to execute malicious code on users’ computers. The vulnerability, identified as CVE-2025-66476, affects Vim versions before 9.1.1947 and has been rated high severity, with a CVSS score of 7.8. The flaw…

  • Windows 11 24H2 Update Hides the Password Icon in the Sign-in Options on the Lock Screen

    Microsoft has confirmed a bizarre user interface bug affecting Windows 11 version 24H2 devices that renders the password sign-in icon invisible on the lock screen. The issue, stemming from the August 2025 non-security preview update (KB5064081) and persisting in…

  • Microsoft Confirms Windows 11 24H2 Update Breaks Multiple Core Features

    Microsoft has officially acknowledged a significant disruption affecting Windows 11 version 24H2 users, specifically after installing the cumulative update KB5062553 released in July 2025. The issue primarily affects environments using Virtual Desktop Infrastructure (VDI) and devices undergoing their first user logon. Reports indicate that essential…

  • New BOF Tool Exploits Microsoft Teams’ Cookie Encryption Allowing Attackers to Access User Chats

    A specialized Beacon Object File (BOF) is designed to extract authentication cookies from Microsoft Teams without disrupting the application. This development builds on recent findings that expose how Teams stores sensitive access tokens, potentially allowing attackers to impersonate users and access chats,…

  • New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files

    An upgraded release of the tool, EDR-Redir V2, is designed to evade Endpoint Detection and Response (EDR) systems by exploiting Windows bind link technology in a novel way. According to the researcher TwoSevenOneT, the version targets the parent directories of EDR installations, such as…

  • Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations

    A Windows Server Update Services (WSUS) vulnerability is being actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly…

  • Decoding PIN-Protected BitLocker Through TPM SPI Analysis To Decrypt And Mount The Disks

    Following earlier work on BitLocker keys without PIN protection, where attackers could exploit stolen laptops, researchers now delve into PIN-secured setups, targeting insider threats seeking SYSTEM-level access. This technique involves intercepting TPM communications via SPI bus analysis, revealing how even PIN-hardened BitLocker can yield to physical…

  • CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of…

  • Automatic BitLocker Encryption May Silently Lock Away Your Data

    A Reddit poster detailed how reinstalling Windows 11 unexpectedly encrypted two of their backup drives with BitLocker, locking away 3TB of irreplaceable data without any prior setup. The incident, shared on Reddit, highlights the risks of Microsoft’s automatic encryption feature in Windows 11, which can activate silently…

  • Windows 11 24H2/25H2 Update Blocks Mouse and Keyboard in Recovery Mode

    Microsoft’s latest security update has rendered USB keyboards and mice inoperable within the Windows Recovery Environment (WinRE). Released on October 14, 2025, as KB5066835 for OS Build 26100.6899, the patch affects Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. The…

  • Microsoft Windows 11 October Update Breaks Localhost (127.0.0.1) Connections

    Microsoft’s October 2025 cumulative update for Windows 11 has disrupted localhost functionality, preventing developers and users from accessing local web applications and services via 127.0.0.1. The issue, tied to update KB5066835 released on October 14, affects builds like 26100.6899 and has sparked widespread complaints on forums,…

  • Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature

    Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released on October 14, 2025, as part of the latest Patch Tuesday updates, these flaws, tracked as CVE-2025-55338 and CVE-2025-55333, pose a…

  • October Patch Tuesday beats January ’25 record

    Microsoft throws a farewell party for Win10, Office 2016, and Office 2019… a very big party. (Angela Gunn, Sophos)

  • Windows Agere Modem Driver 0-Day Vulnerabilities Actively Exploited To Escalate Privileges

    Microsoft has disclosed two critical zero-day vulnerabilities in the Agere Modem driver bundled with Windows operating systems, confirming active exploitation to escalate privileges. The flaws, tracked as CVE-2025-24990 and CVE-2025-24052, affect the ltmdm64.sys driver and could allow low-privileged attackers to gain full administrator access…

  • Microsoft Fixes Long-standing Windows 11 ‘Update and Shut down’ Bug

    Microsoft has rolled out a fix in its latest preview builds to resolve a notorious glitch with the “update and shut down” feature. This long-standing issue, which has haunted the operating system for years, tricked users into believing their PCs were powering off when updates were pending, only for the machines to restart unexpectedly and disrupt sleep cycles with noisy fans. The bug emerged shortly after Windows…

  • Microsoft Defender Vulnerabilities Allow Attackers to Bypass Authentication and Upload Malicious Files

    Critical flaws have been uncovered in the network communication between Microsoft Defender for Endpoint (DFE) and its cloud services, allowing post-breach attackers to bypass authentication, spoof data, disclose sensitive information, and even upload malicious files to investigation packages. These vulnerabilities, detailed in a recent analysis…

  • Microsoft Outlook for Windows Bug Leads to Crash While Opening Email

    Microsoft has confirmed it is investigating a significant bug in the classic Outlook for Windows desktop client that causes the application to fail upon launch. The issue, which appears to be linked to Microsoft Exchange logon attempts, prevents users from accessing their mailboxes and…

  • Microsoft Investigating Widespread Outlook.com Outage Preventing Mailbox Access

    Microsoft is actively investigating and addressing widespread errors preventing users from accessing their mailboxes on Outlook.com. The company has been providing regular updates throughout the day, indicating that targeted infrastructure restarts are gradually restoring service. The issue, which began early on October 1, 2025, affects users attempting…

  • Windows 11 25H2 Released for General Availability – Known Issues and Mitigations

    Microsoft has officially released Windows 11, version 25H2, also known as the Windows 11 2025 Update, marking the next feature update for the operating system. The update became available for general availability on September 30, 2025, initiating a phased rollout to eligible devices…

  • Windows Heap Exploitation Vulnerability With Record’s Size Field Leads to Arbitrary R/W

    A critical vulnerability in Windows heap management demonstrates how improper handling of record-size fields enables arbitrary memory read and write operations. Suraj Malhotra shared a detailed exploitation technique leveraging the Low Fragmentation Heap (LFH) mechanism to achieve code execution on Windows systems. Windows…

  • Hackers Breach Active Directory to Exfiltrate NTDS.dit Leads to Full Domain and Credential Compromise

    Active Directory (AD) remains the foundation of authentication and authorization in Windows environments. Threat actors targeting the NTDS.dit database can harvest every domain credential, unlock lateral movement, and achieve full domain compromise. Attackers leveraged native Windows utilities to dump and exfiltrate NTDS.dit,…

  • Hackers Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From LSASS on Windows 11 24H2

    Threat actors are leveraging the legacy Windows error-reporting utility WerFaultSecure.exe to extract the memory region of the Local Security Authority Subsystem Service (LSASS.EXE) and harvest cached credentials from fully patched Windows 11 24H2 systems. After gaining initial access to a host,…

  • New EDR-Freeze Tool That Puts EDRs and Antivirus Into A Coma State

    New EDR-Freeze Tool That Puts EDRs and Antivirus Into A Coma State A new proof-of-concept tool named EDR-Freeze has been developed, capable of placing Endpoint Detection and Response (EDR) and antivirus solutions into a suspended “coma” state. According to Zero Salarium, the technique leverages a built-in Windows function, offering a stealthier alternative to the increasingly…

  • Microsoft Exchange Online Outage for Users Accessing Email via Exchange Online Methods

    Microsoft Exchange Online Outage for Users Accessing Email via Exchange Online Methods Microsoft is investigating a significant Exchange Online service disruption that is preventing users in North and South America from accessing their mailboxes. The ongoing incident, tracked under the ID EX1151485 in the admin center, impacts all methods of connecting to the email service.…

  • Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges

    Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges Microsoft has addressed four elevation of privilege vulnerabilities in its Windows Defender Firewall service, all rated as “Important” in severity. The security flaws were detailed in Microsoft’s September 9, 2025, security update release. If exploited, these vulnerabilities could allow an authenticated attacker to gain higher privileges on…

  • Microsoft Patch Tuesday, September 2025 Edition

    Microsoft Patch Tuesday, September 2025 Edition Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both…

  • How Microsoft Azure Storage Logs Aid Forensics Following a Security Breach

    How Microsoft Azure Storage Logs Aid Forensics Following a Security Breach After a security breach, forensic investigators work quickly to follow the attacker’s trail. Security experts who have analyzed such investigations point to a key source of evidence that is often overlooked: Microsoft Azure Storage logs. These logs provide invaluable insights that can…

  • Windows Heap-based Buffer Overflow Vulnerability Let Attackers Elevate Privileges

    Windows Heap-based Buffer Overflow Vulnerability Let Attackers Elevate Privileges A recently patched vulnerability in a core Windows driver could allow a local attacker to execute code with the highest system privileges, effectively taking full control of a target machine. The flaw, identified as CVE-2025-53149, is a heap-based buffer overflow discovered in the Kernel Streaming WOW…

  • Hackers Leverage Windows Defender Application Control Policies to Disable EDR Agents

    Hackers Leverage Windows Defender Application Control Policies to Disable EDR Agents Cybercriminals are exploiting Windows Defender Application Control (WDAC) policies to systematically disable Endpoint Detection and Response (EDR) agents, creating a dangerous blind spot in corporate security infrastructure. Real-world threat actors, including ransomware groups like Black Basta, have now adopted a sophisticated attack technique originally…

  • Microsoft Confirms Recent Windows 11 24H2 Security Update Not Causing SSD/HDD Failures

    Microsoft Confirms Recent Windows 11 24H2 Security Update Not Causing SSD/HDD Failures Microsoft has officially addressed growing concerns among Windows 11 users, stating that its August 2025 security update for version 24H2 is not responsible for the scattered reports of SSD and HDD failures that have recently surfaced on social media and tech forums. The…

  • Microsoft 365 Exchange Online Outage Blocks Email on Outlook Mobile App

    Microsoft 365 Exchange Online Outage Blocks Email on Outlook Mobile App Microsoft is investigating a significant service incident within Exchange Online, identified as EX1137017, which is preventing some users from sending or receiving emails through the Outlook mobile application. The issue, which remains ongoing, specifically impacts customers utilizing Hybrid Modern Authentication (HMA), a common configuration…

  • Microsoft Confirms August 2025 Update Causes Severe Lag in Windows 11 24H2, and Windows 10

    Microsoft Confirms August 2025 Update Causes Severe Lag in Windows 11 24H2, and Windows 10 Microsoft has officially confirmed that its August 2025 security update is causing significant performance problems for users of NDI (Network Device Interface) technology. Content creators, broadcasters, and IT professionals who installed the update are reporting severe lag, stuttering, and choppy…

  • Windows 11 24H2 Security Update Causes SSD/HDD Failures and Potential Data Corruption

    Windows 11 24H2 Security Update Causes SSD/HDD Failures and Potential Data Corruption A significant security update rolled out by Microsoft with the Windows 11 24H2 (KB5063878) release is causing widespread issues for users, with reports surfacing that the update can render SSDs and HDDs inaccessible and may potentially corrupt user data. Last week’s Patch Tuesday…

  • August Patch Tuesday includes blasts from the (recent) past

    August Patch Tuesday includes blasts from the (recent) past Microsoft’s haul this month covers 109 CVEs… more or less. Angela Gunn

  • New ‘Win-DoS’ Zero-Click Vulnerabilities Turn Windows Server/Endpoint, Domain Controllers Into DDoS Botnet

    New ‘Win-DoS’ Zero-Click Vulnerabilities Turn Windows Server/Endpoint, Domain Controllers Into DDoS Botnet LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo presented their findings, which include four new Windows DoS vulnerabilities and…

  • BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data

    BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data Researchers have disclosed a series of critical zero-day vulnerabilities that completely bypass Windows BitLocker encryption, allowing attackers with physical access to extract all protected data from encrypted devices in a matter of minutes. The research, conducted by Alon Leviev and Netanel Ben Simon…

  • Windows 11 Gets New Black Screen of Death With Auto Recovery Tool

    Windows 11 Gets New Black Screen of Death With Auto Recovery Tool Microsoft has unveiled significant improvements to Windows 11’s system recovery capabilities, introducing a redesigned Black Screen of Death restart screen alongside an automated Quick Machine Recovery (QMR) tool.  These enhancements are part of the broader Windows Resiliency Initiative (WRI), designed to minimize downtime…

  • Node.js Vulnerabilities Expose Windows App to Path Traversal and HashDoS Attacks

    Node.js Vulnerabilities Expose Windows App to Path Traversal and HashDoS Attacks The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities affecting Windows applications and V8 engine implementations. Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing a path traversal bypass and…

  • Windows 11’s New Black Screen of Death is Rolling Out for Users

    Windows 11’s New Black Screen of Death is Rolling Out for Users Microsoft has begun rolling out a redesigned error screen interface as part of Windows 11 Build 26100.4762, introducing what users are calling the “new Black Screen of Death.”  This update, released to the Release Preview Channel on July 10, 2025, fundamentally changes how…

  • July Patch Tuesday offers 127 fixes

    July Patch Tuesday offers 127 fixes The seventh month is always a big one for Microsoft, and this year is no exception. Angela Gunn

  • ChatGPT Tricked into Disclosing Windows Home, Pro, and Enterprise Editions Keys

    ChatGPT Tricked into Disclosing Windows Home, Pro, and Enterprise Editions Keys A sophisticated jailbreak technique bypasses ChatGPT’s protective guardrails, tricking the AI into revealing valid Windows product keys through a cleverly disguised guessing game. This breakthrough highlights critical vulnerabilities in current AI content moderation systems and raises concerns about the robustness of guardrail implementations…

  • KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday

    KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday Microsoft rolled out its latest cumulative update for Windows 10, version 21H2 and 22H2, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. The update, identified as KB5062554 (OS Builds 19044.6093 and 19045.6093), includes critical…

  • Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass

    Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass A significant security vulnerability has been discovered in Lenovo’s preloaded Windows operating systems, where a writable file in the Windows directory enables attackers to bypass Microsoft’s AppLocker security framework.  The issue affects all variants of Lenovo machines running default Windows installations and poses serious…

  • Nessus Windows Vulnerabilities Allow Overwrite of Arbitrary Local System Files

    Nessus Windows Vulnerabilities Allow Overwrite of Arbitrary Local System Files A newly disclosed security advisory from Tenable reveals serious vulnerabilities in the Nessus vulnerability scanner that could enable attackers to compromise Windows systems through privilege escalation attacks.  The security flaws, affecting all Nessus versions prior to 10.8.5, include a critical Windows-specific vulnerability (CVE-2025-36630) that allows…

  • FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection

    FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging legitimate browser saving mechanisms combined…

  • Microsoft Announces New Security Defaults for Windows 365 Cloud PCs

    Microsoft Announces New Security Defaults for Windows 365 Cloud PCs Summary
    1. Redirection controls disable clipboard, drive, USB, and printer access by default to prevent data exfiltration and malware injection.
    2. Virtualization-based security enables VBS, Credential Guard, and HVCI on Windows 11 Cloud PCs to fortify against credential theft and kernel exploits.
    3. Selective implementation…

  • PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

    PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers A critical zero-day vulnerability in WebDAV implementations enables remote code execution, and proof-of-concept exploit code is now publicly available on GitHub. The vulnerability, tracked as CVE-2025-33053, has reportedly been actively exploited by advanced persistent threat (APT) groups in targeted campaigns against enterprise…

  • Signal Blocks Windows Recall

    Signal Blocks Windows Recall This article gives a good rundown of the security risks of Windows Recall, and the repurposed copyright protection tool that Signal used to block the AI feature from scraping Signal data. Bruce Schneier

  • Microsoft Releases Emergency Fix for BitLocker Recovery Issue

    Microsoft Releases Emergency Fix for BitLocker Recovery Issue Microsoft has released an emergency out-of-band update (KB5061768) to address a critical issue causing Windows 10 systems to boot into BitLocker recovery screens following the installation of the May 2025 security updates. The fix, released on May 19, comes after numerous reports from enterprise customers experiencing system…

  • Abusing dMSA with Advanced Active Directory Persistence Techniques

    Abusing dMSA with Advanced Active Directory Persistence Techniques Delegated Managed Service Accounts (dMSAs), introduced in Windows Server 2025, represent Microsoft’s latest innovation in secure service account management. While designed to enhance security by preventing traditional credential theft attacks like Kerberoasting, security researchers have uncovered potential abuse vectors that could allow attackers to establish persistent access…

  • PupkinStealer Attacks Windows System to Steal Login Credentials & Desktop Files

    PupkinStealer Attacks Windows System to Steal Login Credentials & Desktop Files A new information-stealing malware dubbed “PupkinStealer” has been identified by cybersecurity researchers, targeting sensitive user data through a straightforward yet effective approach. First observed in April 2025, this .NET-based malware written in C# focuses on stealing browser credentials, messaging app sessions, and desktop files,…

  • Microsoft primes 71 fixes for May Patch Tuesday

    Microsoft primes 71 fixes for May Patch Tuesday Five issues actively exploited in the wild, but the real excitement may have been handled in advance. Angela Gunn

  • Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution

    Defendnot — A New Tool That Disables Windows Defender by Posing as an Antivirus Solution Defendnot is a sophisticated new tool that effectively disables Windows Defender by exploiting the Windows Security Center (WSC) API to register itself as a legitimate antivirus solution. The Windows Security Center service is designed to ensure Windows computers maintain adequate security…

  • UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes

    UDP Vulnerability in Windows Deployment Services Allows 0-Click System Crashes A newly discovered vulnerability in Microsoft’s Windows Deployment Services (WDS) allows attackers to remotely crash servers with zero user interaction or authentication. The flaw, which targets the UDP-based TFTP service in WDS, could allow even low-skilled attackers to paralyze enterprise OS deployment infrastructure in…

  • Microsoft’s Symlink Patch Created New Windows DoS Vulnerability

    Microsoft’s Symlink Patch Created New Windows DoS Vulnerability A recent Microsoft security update, intended to patch a critical privilege escalation vulnerability, has inadvertently introduced a new and significant flaw.  The fix now enables non-administrative users to effectively block all future Windows security updates, creating a denial-of-service condition.  This unintended consequence of the patch highlights the…

  • Patch Tuesday, April 2025 Edition

    Patch Tuesday, April 2025 Edition Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction…